问题描述
我想为我的用户和超级用户制作一个按钮,以便能够在 Django 管理中删除他们的帖子。当我点击删除按钮时,它既不会将我重定向到指定的 URL,也不会删除帖子。我使用 mixins 是为了让管理员删除每个人的每个帖子,但用户只能删除他们的帖子。
#MIXIN.py
class DeleteArticleAccessMixin():
def dispatch(self,request,pk,*args,**kwargs):
article = get_object_or_404(Article,pk=pk)
if article.author == request.user or request.user.is_superuser:
return super().dispatch(request,**kwargs)
else:
raise Http404("Access Denied!")
#Views.py
class ArticleDelete(DeleteArticleAccessMixin,DetailView):
model = Article
success_url = reverse_lazy('account:home')
template_name = "registration/article_confirm_delete.html"
#urls.py
path('article/delete/<int:pk>',ArticleDelete.as_view(),name="article-delete"),#我的主页 HTML 页面
{% if user.is_superuser or user.is_author %}
<a class="badge text-danger badge-primary"
href="{% url "account:article-delete" article.pk %}">Delete Article</a>
{% endif %}
<div class="col-md-8 text-center mx-auto">
<div class="card card-danger">
<div class="card-header">
<h3 class="card-title">Delete Article</h3>
</div>
<div class="card-body py-4">
<form method="post">{% csrf_token %}
<p class="py-2">Are you sure you want to delete "{{ object }}" written by
"{{ object.author.get_full_name }}"?</p>
<input type="submit" value="Confirm" class="btn btn-danger">
</form>
</div>
</div>
</div>
解决方法
这是有道理的,因为您的 DeleteArticleAccessMixin 永远不会删除某些内容。它只检查您的用户是否具有适当的访问权限。您可以从 DeletionMixin [Django-doc] 子类化。您还可以通过覆盖 get_queryset:
from django.views.generic.edit import DeletionMixin
class ArticleDelete(DeletionMixin,DetailView):
model = Article
success_url = reverse_lazy('account:home')
template_name = 'registration/article_confirm_delete.html'
def get_queryset(self,*args,**kwargs):
qs = super().get_queryset(*args,**kwargs)
if self.request.user.is_superuser:
return qs
return qs.filter(
author=self.request.user
)