1. 首頁
  2. 問答
  3. 只限制對is_superuser的訪問。 is_staff仍然可以訪問頁面

只限制對is_superuser的訪問。 is_staff仍然可以訪問頁面

2014-02-08 59 views
0

我在做什麼錯了?即使它不是超級用戶,is_staff仍然可以訪問此頁面。你能在這裏找到我的錯誤嗎?只限制對is_superuser的訪問。 is_staff仍然可以訪問頁面

from django import forms 
from django.conf import settings 
from django.http import HttpResponse, HttpResponseRedirect, Http404 
from ManagerApp import models as pmod 
from . import templater 
from django.contrib.auth.decorators import login_required 
from django.contrib.auth.decorators import user_passes_test 

@login_required(login_url='/ManagerApp/login/') 
@user_passes_test(lambda u: u.is_superuser) 

def process_request__new(request): 
    q = pmod.User() 
    q.first_name = 'New User!' 
    q.save() 
    return HttpResponseRedirect('/ManagerApp/edit_user/' + str(q.id)) 

def process_request(request): 
    '''Shows all users in the DB''' 
    q = pmod.User.objects.get(id=request.urlparams[0]) 
    form = UserForm(initial={ 
    #'active': q.is_active, 
    'superuser': q.is_superuser, 
    'staff': q.is_staff, 
    'firstname': q.first_name, 
    'lastname': q.last_name, 
    'username': q.username, 
    'password': q.password, 
    'email': q.email, 
    'street': q.street, 
    'city': q.city, 
    'state': q.state, 
    'zipCode': q.zipcode, 
    'phone': q.phone, 
    }) 
    if request.method == 'POST': 
    form = UserForm(request.POST) 
    if form.is_valid(): 
     #q.is_active = form.cleaned_data['active'] 
     q.is_superuser = form.cleaned_data['superuser'] 
     q.is_staff = form.cleaned_data['staff'] 
     q.first_name = form.cleaned_data['firstname'] 
     q.last_name = form.cleaned_data['lastname'] 
     q.username = form.cleaned_data['username'] 
     q.set_password(form.cleaned_data['password']) 
     q.email = form.cleaned_data['email'] 
     q.street = form.cleaned_data['street'] 
     q.city = form.cleaned_data['city'] 
     q.state = form.cleaned_data['state'] 
     q.zipcode = form.cleaned_data['zipcode'] 
     q.phone = form.cleaned_data['phone'] 
     q.save() 
     return HttpResponseRedirect('/ManagerApp/users/') 

    # return the template html 
    template_vars = { 
    'form': form, 
    } 
    return templater.render_to_response(request, 'edit_user.html', template_vars) 

class UserForm(forms.Form): 
    '''The question form''' 
    #active = forms.NullBooleanField(required=False) 
    superuser = forms.NullBooleanField(required=False) 
    staff = forms.NullBooleanField(required=False) 
    firstname = forms.CharField(required=False) 
    lastname = forms.CharField(required=False) 
    username = forms.CharField(required=False) 
    password = forms.CharField(required=False) 
    email = forms.CharField(required=False) 
    street = forms.CharField(required=False) 
    city = forms.CharField(required=False) 
    state = forms.CharField(required=False) 
    zipcode = forms.CharField(required=False) 
    phone = forms.CharField(required=False)

我擡頭看了一堆教程,但仍找不到解決方案來正確限制只有超級用戶的訪問權限。

此外,在edit_user頁面上,我有每個人都按其ID進行索引。所以URL將如下所示:ManagerApp/edit_user/1 /(該#對應於客戶ID)

來源

2014-02-08 user3106444

+0

哪一頁?你在這裏有兩個看法。我認爲裝飾者應該與第一個相關聯,儘管很難說。 –

+0

它是不識別is_superuser的edit_user頁面。我可以添加一個用戶,它的效果很好 – user3106444

+0

這不是很有幫助。你有兩個視圖,'process_request__new'和'process_request'。你在說哪一個? –

回答

1

裝飾器適用於單個功能。您的user_passes_test修飾符與process_request__new函數關聯,而不是process_request函數。

來源

2014-02-08 17:34:56

+0

所以你說我需要把我希望它生效的每個函數的修飾符放在面前?如果這很容易,我會+1你 – user3106444

+0

是的,就是這樣。 –

+0

好的,太棒了!現在如何讓它重定向到另一個網頁,而不是404頁面未找到 – user3106444

相關問題

 相關問題