How do I restrict access in django? - django

I have an application in which all users, after registration, can publish articles, how can I make it so that only those who have the rights for this can publish (something like ordinary users and moderators / editors and how to grant these rights. Below is the attached code:
models.py/blogapp
class Post(models.Model):
title = models.CharField(verbose_name=("Заголовок"), max_length=200)
author = models.ForeignKey(User, on_delete=models.CASCADE)
header_image = models.ImageField(verbose_name=("Заглавное Изображение"), null=True, blank=True, upload_to="images/" )
body = RichTextField(verbose_name=("Тело Статьи"), blank=True, null=True)
#body = models.TextField(blank=True, null=True)
post_date = models.DateTimeField(auto_now_add=True)
category = models.CharField(verbose_name=("Категория"), max_length=200)
snippet = models.CharField(verbose_name=("Фрагмент Статьи"), max_length=200)
likes = models.ManyToManyField(User, related_name='blog_post')
updated_on = models.DateTimeField(auto_now= True)
def total_likes(self):
return self.likes.count()
def __str__(self):
return self.title + ' | ' + str(self.author)
def get_absolute_url(self):
return reverse('article_detail', args=[str(self.id)])
views.py/members
class CreateProfilePageView(CreateView):
model = Profile
form_class = ProfilePageForm
template_name = "registration/create_user_profile.html"
#fields = '__all__'
def form_valid(self, form):
form.instance.user = self.request.user
return super().form_valid(form)
class EditProfilePageView(generic.UpdateView):
model = Profile
template_name = 'registration/edit_profile_page.html'
fields = ['bio', 'profile_pic', 'website_url', 'instagram_url', 'twitter_url', 'status', 'age']
success_url = reverse_lazy('home')
class ShowProfilePageView(DetailView):
model = Profile
template_name = 'registration/user_profile.html'
def get_context_data(self, *args, **kwargs):
#users = Profile.objects.all()
context = super(ShowProfilePageView, self).get_context_data(*args, **kwargs)
page_user = get_object_or_404(Profile, id=self.kwargs['pk'])
context["page_user"] = page_user
return context
class PasswordsChangeView(PasswordChangeView):
form_class = PasswordChangingForm
#form_class = PasswordChangeForm
success_url = reverse_lazy('password_success')
#success_url = reverse_lazy('home')
def password_success(request):
return render(request, 'registration/password_success.html', {})
class UserRegisterView(generic.CreateView):
form_class = SignUpForm
template_name = 'registration/registr.html'
success_url = reverse_lazy('login')
class UserEditView(generic.UpdateView):
form_class = EditProfileForm
template_name = 'registration/edit_profile.html'
success_url = reverse_lazy('home')
def get_object(self):
return self.request.user
views.py/blogapp
class HomeView(ListView):
model = Post
queryset = Post.objects.filter(draft=False)
cats = Category.objects.all()
template_name = 'home.html'
ordering = ['-post_date']
paginate_by = 6
def get_context_data(self, *args, **kwargs):
cat_menu = Category.objects.all()
context = super(HomeView, self).get_context_data(*args, **kwargs)
context["cat_menu"] = cat_menu
return context
def CategoryListView(request):
cat_menu = Category.objects.all()
return render(request, 'category_list.html', {'cat_menu':cat_menu})
def CategoryView(request, cats):
category_posts = Post.objects.filter(category = cats). order_by('-post_date')
return render(request, 'categories.html', {'cats':cats.title(), 'category_posts':category_posts})
class ArticleDetailView(HitCountDetailView):
model = Post
template_name = 'post_detail.html'
count_hit = True
def get_context_data(self, *args, **kwargs):
cat_menu = Category.objects.all()
context = super(ArticleDetailView, self).get_context_data(*args, **kwargs)
stuff = get_object_or_404(Post, id=self.kwargs['pk'])
total_likes = stuff.total_likes()
context["cat_menu"] = cat_menu
context["total_likes"] = total_likes
return context
class AddPostView(CreateView):
model = Post
form_class = PostForm
template_name= 'add_post.html'
#fields = '__all__'
class AddCommentView(CreateView):
model = Comment
form_class = CommentForm
template_name= 'add_comment.html'
def form_valid(self, form):
form.instance.post_id = self.kwargs['pk']
return super().form_valid(form)
def get_success_url(self):
return reverse_lazy('article_detail', kwargs={'pk': self.kwargs['pk']})
class AddCategoryView(CreateView):
model = Category
template_name= 'add_category.html'
fields = '__all__'
class UpdatePostView(UpdateView):
model = Post
template_name = 'update_post.html'
form_class = EditForm
#fields = ['title', 'body']
class DeletePostView(DeleteView):
model = Post
template_name = 'delete_post.html'
success_url = reverse_lazy('home')
If you need any more code, I will attach it, thanks, and forgive my english)

Hello asd you can add flags like this in your Profile Model like this
class Profile(models.Model):
user = models.ForeignKey(User,on_delete=models.PROTECT)
is_moderator = models.BooleanField(default=False)
is_editor = models.BooleanField(default=False)#you can add many more as you want
and you can validate user in template or in views like this
in views.py
def check_user(request):
moderator_profile = Profile(user_id=request.user.id,is_moderator=True)
editor_profile = Profile(user_id=request.user.id,is_editor=True)
if user_profile:
return redirect('url_for_moderator')
elif editor_profile:
return redirect('url_for_editor')
OR
you can pass data to the template and give certain functionality for certain user
like this
in your views.py
def get_post(request):
user_profile = Profile.objects.filter(user=request.user.id)
return render(request,"post.html",{"user_profile":user_profile})
and inside post.html
{% if user_profile.is_editor or user_profile.is_moderator %}
<button>Edit</button>
{% endif %}
if you don't like this way you can do it in better way check this post
https://simpleisbetterthancomplex.com/tutorial/2018/01/18/how-to-implement-multiple-user-types-with-django.html

Related

Formset not submitting uploaded picture?

I have a view to allow courses to created by users on my app, which am currently having a challenge uploading a course cover(pic) when users create a new course, when course is created all the fields of the course detail get submitted to the data base except the picture data, why is the picture not being submitted, can some one please help me. as this has been a challenge for me for the past week!
This is my view to create a new course!.
class OwnerMixin(object):
def get_queryset(self):
qs = super(OwnerMixin, self).get_queryset()
return qs.filter(owner=self.request.user)
class OwnerEditMixin(object):
def form_valid(self, form):
form.instance.owner = self.request.user
return super(OwnerEditMixin, self).form_valid(form)
class OwnerCourseMixin(OwnerMixin):
model = Course
fields = ['subject', 'title', 'slug','overview','pic']
success_url = reverse_lazy('courses:manage_course_list')
class OwnerCourseEditMixin(OwnerCourseMixin):
fields = ['subject', 'title','slug', 'overview','pic']
success_url = reverse_lazy('courses:manage_course_list')
template_name = 'manage/module/formset.html'
class ManageCourseListView(OwnerCourseMixin,ListView):
template_name ='courses/course_list.html'
class CourseCreateView(OwnerCourseEditMixin,OwnerEditMixin,CreateView,):
pass
permission_required = 'courses.add_course'
class CourseModuleUpdateView(TemplateResponseMixin, View):
template_name = 'manage/module/formset.html'
course = None
def get_formset(self, data=None,):
return ModuleFormSet(instance=self.course,data=data,)
def get_form(self, data=None):
return RequirementFormset(instance=self.course,data=data)
def get_forms(self, data=None):
return WhatYouWillLearnFormset(instance=self.course,data=data)
def dispatch(self, request, pk):
self.course = get_object_or_404(Course,id=pk,owner=request.user)
return super(CourseModuleUpdateView, self).dispatch(request, pk)
def get(self, request, *args, **kwargs):
formset = self.get_formset()
form = self.get_form()
forms = self.get_forms()
return self.render_to_response({'course':self.course,
'formset':formset,'form':form,'forms':forms,})
def post(self, request, *args, **kwargs):
formset = self.get_formset(data=request.POST,)
form = self.get_form(data=request.POST,)
forms = self.get_forms(data=request.POST,)
if formset.is_valid():
formset.save()
if form.is_valid():
form.save()
if forms.is_valid():
forms.save()
return redirect('courses:manage_course_list')
return self.render_to_response({'course': self.course,
'formset':formset,})
Here is my model, am using formset to create course and also
class Course(models.Model):
owner = models.ForeignKey(settings.AUTH_USER_MODEL,\
related_name='courses_created', on_delete=models.CASCADE)
subject = models.ForeignKey(Subject,related_name='courses', on_delete=models.CASCADE)
title = models.CharField(max_length=200)
pic = models.ImageField(upload_to="course_pictures", blank=True,null=True)
slug = models.SlugField(max_length=200, unique=True,blank=True)
overview = models.TextField()
created = models.DateTimeField(auto_now_add=True)
updated = models.DateTimeField(auto_now=True)
students = models.ManyToManyField(settings.AUTH_USER_MODEL,related_name='courses_joined',blank=True)
class Meta:
ordering = ['-created']
def __str__(self):
return self.title
Here is my formset
class CourseForm(forms.ModelForm):
class Meta:
model = Course
fields = ['pic']
ModuleFormSet = inlineformset_factory(Course,
Module,
fields=['title','description',],
extra=2,
can_delete=True)
RequirementFormset = inlineformset_factory(Course,
Requirement,
fields=['requirements'],
extra=4,can_delete=True)
WhatYouWillLearnFormset = inlineformset_factory(Course,
WhatYouWillLearn,
fields=['hightlights'],
extra=4,can_delete=True)
I think the attribute enctype="multipart/form-data" is missing in the form tag in the template file.
<form method="post" enctype="multipart/form-data">
...
...
</form>

prevent sql duplicates by inline formset factory in django 3.0.5

i have a problem with inline formset factory in django 3.0.5. i have models like this:
class Resume(models.Model):
user = models.ForeignKey(User, verbose_name=_('User'), on_delete=models.CASCADE)
website = models.URLField(verbose_name=_('Web Site'), blank=True, null=True)
...
class Expertise(models.Model):
name = models.CharField(_('name'), max_length=100)
...
class ResumeExpertise(models.Model):
resume = models.ForeignKey(Resume, on_delete=models.CASCADE, related_name='resume_expertise')
expertise = models.OneToOneField(Expertise, on_delete=models.CASCADE, verbose_name=_('Expertise'), related_name='resume_expertise_item')
score = models.PositiveSmallIntegerField(_('Score'))
def __str__(self):
return self.expertise.name
in this case user must edit the form. i used inline formset factory. my forms.py:
class ResumeForm(forms.ModelForm):
class Meta:
model = Resume
fields = ('website',)
def __init__(self, *args, **kwargs):
super(ResumeForm, self).__init__(*args, **kwargs)
self.helper = FormHelper()
self.helper.form_tag = True
self.helper.form_class = 'form-horizontal'
self.helper.label_class = 'col-md-3 create-label'
self.helper.field_class = 'col-md-9'
self.helper.layout = Layout(
Div(
Field('website'),
Fieldset('Expertise',
Formset('expertise')),
HTML("<br>"),
ButtonHolder(Submit('submit', 'save')),
)
)
class ResumeExpertiseForm(forms.ModelForm):
class Meta:
model = ResumeExpertise
fields = ('expertise', 'score')
ResumeExpertiseFormSet = inlineformset_factory(Resume, ResumeExpertise, form=ResumeExpertiseForm, fields=['expertise', 'score'], extra=1, can_delete=True)
for views i used class based views like this:
class ResumeEdit(LoginRequiredMixin, UpdateView):
model = Resume
template_name = "user/resume_form.html"
form_class = ResumeForm
success_url = reverse_lazy('user:profile')
def get_object(self, queryset=None):
return Resume.objects.get(user=self.request.user)
def get_context_data(self, *args, **kwargs):
context = super(ResumeEdit, self).get_context_data(**kwargs)
context['title'] = _('Edit Resume')
if self.request.POST:
context['expertise'] = ResumeExpertiseFormSet(self.request.POST, instance=self.object)
else:
context['expertise'] = ResumeExpertiseFormSet(instance=self.object)
return context
def form_valid(self, form):
context = self.get_context_data()
expertise = context['expertise']
with transaction.atomic():
form.instance.user = self.request.user
self.object = form.save()
if expertise.is_valid():
expertise.instance = self.object
expertise.save()
return super(ResumeEdit, self).form_valid(form)
my problem is, when i load the ResumeEdit form in browser, debug_toolbar shows:
SELECT ••• FROM `user_expertise`
26 similar queries. Duplicated 26 times.
i'm new to inline formset factory and so confused. what i did wrong? is there any way to prevent this duplicats?

AttributeError 'NarrateUpdate' object has no attribute 'object'

I got an attribute error on my NarrateUpdate view. I want to edit/update a user submission from a form
Here's my views.py:
class NarrateUpdate(SuccessMessageMixin, UpdateView):
model = Narrate
fields = ['title', 'body']
template_name = 'narrate_update_form.html'
success_url = reverse_lazy('narrate-status')
success_message = "Narration successfully updated"
def get(self, request, *args, **kwargs):
footer = FooterLinks.objects.all()
context = self.get_context_data(**kwargs)
context['footer'] = footer
return self.render_to_response(context)
The urls.py
path('narration/<int:pk>/update/', NarrateUpdate.as_view(), name='edit-narration'),
And here's the models.py:
class Narrate(models.Model):
STATUS = (
('F', 'FOR REVIEW'),
('P', 'PASSED'),
)
title = models.CharField(max_length=255)
body = models.CharField(max_length=10000)
status = models.CharField(
max_length=25, choices=STATUS, default='for_review', blank=True)
def __str__(self):
return self.title
def get_absolute_url(self):
return "/narration/%i/" % self.title
class Meta:
verbose_name = "narration"
verbose_name_plural = "narrations"
What can I do to make this work?
Why are you overriding the get method? If you want to add footer better to do it in get_context_data() method:
class NarrateUpdate(SuccessMessageMixin, UpdateView):
model = Narrate
fields = ['title', 'body']
template_name = 'narrate_update_form.html'
success_url = reverse_lazy('narrate-status')
success_message = "Narration successfully updated"
def get_context_data(self, **kwargs):
context = super(NarrateUpdate, self).get_context_data(**kwargs)
context['footer'] = FooterLinks.objects.all()
return context

How to specify a list of values ​in a form in which CheckboxSelectMultiple is used?

I have a problem with the form in django. It uses the CheckboxSelectMultiple widget, but I need to set a list of possible choices only for posts created by the currently logged in user.
Any idea?
form:
class CycleForm(BSModalForm):
class Meta:
model = Cycle
fields = ['title', 'description', 'posts']
widgets = {
'posts': forms.CheckboxSelectMultiple(),
}
models
class Cycle(models.Model):
title = models.CharField(max_length=200, unique=True)
description = models.TextField(max_length=500, default="Brak opisu")
date_created = models.DateTimeField(default=timezone.now)
author = models.ForeignKey(User, on_delete=models.CASCADE)
posts = models.ManyToManyField(Post)
def __str__(self):
return self.title
class Post(models.Model):
title = models.CharField(max_length=50, unique=True)
content = MDTextField()
date_posted = models.DateTimeField(default=timezone.now)
author = models.ForeignKey(User, on_delete=models.CASCADE)
numbers_of_entries = models.IntegerField(default=0)
views
class CycleCreateView(BSModalCreateView, LoginRequiredMixin):
template_name = 'blog/cycle_form.html'
form_class = CycleForm
def form_valid(self, form, **kwargs):
form.instance.author = self.request.user
return super().form_valid(form)
def get_success_url(self):
reverse_user = self.request.user
return reverse('profile', kwargs={'username': reverse_user})
class CycleUpdateView(BSModalUpdateView):
model = Cycle
template_name = 'blog/cycle_update.html'
form_class = CycleForm
success_message = 'Success: Cycle was updated.'
def get_success_url(self):
reverse_user = self.request.user
return reverse('profile', kwargs={'username': reverse_user})
We can slightly alter the CycleForm form and add a user parameter. If that parameter is set, we filter the queryset of the posts field by only using Posts
class CycleForm(BSModalForm):
def __init__(self, *args, user=None, **kwargs):
super().__init__(*args, **kwargs)
if user is not None:
self.fields['posts'].queryset = Post.objects.filter(author=user)
class Meta:
model = Cycle
fields = ['title', 'description', 'posts']
widgets = {
'posts': forms.CheckboxSelectMultiple(),
}
Now we only need to pass the user to the form, we can override the get_form_kwargs method [Django-doc]:
class CycleCreateView(LoginRequiredMixin, BSModalCreateView):
template_name = 'blog/cycle_form.html'
form_class = CycleForm
def get_form_kwargs(self):
kwargs = super().get_form_kwargs()
kwargs.update(user=self.request.user)
return kwargs
def form_valid(self, form, **kwargs):
form.instance.author = self.request.user
return super().form_valid(form)
def get_success_url(self):
reverse_user = self.request.user
return reverse('profile', kwargs={'username': reverse_user})
You should do the same with the UpdateView. Note that your LoginRequiredMixin likely should be put first in the base classes.

django class view Overlapping

I am not good at English.
Please understand me.
I'm creating a blog in Django.
I am making it into class view, but I want to see a reple list and form in the post details view.
like this
enter image description here
POST detailview has already been implemented and I don't know how to add comments.
Should I be function view?
Give me some advice.
code
views.py
class BlogLV(LoginRequiredMixin,ListView):
model = Blog
def get_queryset(self):
return Blog.objects.exclude(user=self.request.user)
class BlogCV(LoginRequiredMixin,CreateView): # blog_form.html
model = Blog
fields = ['name','description','image']
success_url = reverse_lazy('blog:index')
def form_valid(self, form): #오류
form.instance.user = self.request.user #user 설정
form.instance.slug = self.request.user
return super(BlogCV,self).form_valid(form)
class BlogDV(LoginRequiredMixin,DetailView):
model = Blog
class PostCreateView(LoginRequiredMixin,CreateView):
model = Post
fields = ['title', 'content']
success_url = reverse_lazy('blog:index')
template_name = 'blog/post_form.html'
def get_context_data(self, **kwargs):
context = super(PostCreateView, self).get_context_data(**kwargs)
context['blog'] = Blog.objects.get(slug=self.kwargs['slug'])
return context
def form_valid(self, form):
form.instance.user = self.request.user
form.instance.slug = self.request.user
return super(PostCreateView, self).form_valid(form)
class PostDV(LoginRequiredMixin,DetailView):
model = Post
fields =['title','content']
def get_context_data(self, **kwargs):
context = super(PostDV, self).get_context_data(**kwargs)
context['blog'] = Blog.objects.get(slug=self.kwargs['slug'])
return context
class PostLV(LoginRequiredMixin,ListView):
model = Post
paginate_by = 5
def get_context_data(self, *, object_list=None, **kwargs):
context = super(PostLV,self).get_context_data(**kwargs)
context['blog'] = Blog.objects.get(slug=self.kwargs['slug'])
return context
def get_queryset(self):
return Post.objects.filter(slug=self.kwargs['slug'])
class PostDeleteView(LoginRequiredMixin,DeleteView):
model = Post
success_url = reverse_lazy('blog:index')
def get_context_data(self, *, object_list=None, **kwargs):
context = super(PostDeleteView,self).get_context_data(**kwargs)
context['blog'] = Blog.objects.get(slug=self.kwargs['slug'])
return context
class PostUV(LoginRequiredMixin,UpdateView):
model = Post
fields = ['title','content']
success_url = reverse_lazy('blog:index')
def get_context_data(self, *, object_list=None, **kwargs):
context = super(PostUV,self).get_context_data(**kwargs)
context['blog'] = Blog.objects.get(slug=self.kwargs['slug'])
return context
urls.py
urlpatterns = [
url(r'^$',BlogLV.as_view(),name="index"),
url(r'^create/$',BlogCV.as_view(),name='blog_create'),
url(r'^(?P<slug>[-\w]+)/$',BlogDV.as_view(),name='blog_detail'),
url(r'^(?P<slug>[-\w]+)/post/create/$',PostCreateView.as_view(),name='post_create'),
url(r'^(?P<slug>[-\w]+)/post/$',PostLV.as_view(),name='post_list'),
url(r'^(?P<slug>[-\w]+)/post/(?P<pk>[0-9]+)/$', PostDV.as_view(), name='post_detail'),
url(r'^(?P<slug>[-\w]+)/update/(?P<pk>[0-9]+)/$', PostUV.as_view(), name='post_update'),
url(r'^(?P<slug>[-\w]+)/delete/(?P<pk>[0-9]+)/$', PostDeleteView.as_view(), name='post_delete'),
]
models.py
#python_2_unicode_compatible
class Blog(models.Model): # 유저 당 하나
name = models.CharField(max_length=20)
description = models.CharField(max_length=30)
image = models.ImageField(upload_to='blog/profile')
create_date = models.DateTimeField(auto_now_add=True)
slug = models.SlugField(unique=True,allow_unicode=True)
# 블로그 생성한 시각
# 저장 경로: MEDIA_ROOT/blog/projile/xxx.jpg 파일 저장
# DB 필드 'MEDIA_URL/blog/profile/xxx.jpg' 문자열 저장
user = models.OneToOneField(User)
class Meta:
ordering = ['-create_date']
# 생성된 날짜의 내림차순으로 정렬
def __str__(self):
return self.name
#python_2_unicode_compatible
class Post(models.Model):
title = models.CharField(max_length=30)
content = models.TextField()
create_date = models.DateTimeField(auto_now_add=True)
modify_date = models.DateTimeField(auto_now=True)
user = models.ForeignKey(User)
slug = models.SlugField(allow_unicode=True,default='slug')
class Meta :
ordering = ['-create_date']
def __str__(self):
return self.title
def get_absolute_url(self):
return reverse('blog:post_detail',args=(self.id,))
# post.get_absolute_url args
# 객체가 지칭하는 url 반환
def get_previous_post(self):
return self.get_previous_by_create_date()
#create_date 기준으로 이전 포스트 반환
# get_previous_by_column 내장객체 호출
def get_next_post(self):
return self.get_next_by_create_date()
#python_2_unicode_compatible
class Reple(models.Model):
content = models.TextField()
user = models.ForeignKey(User)
Post = models.IntegerField() # post_id
create_date = models.DateTimeField(auto_now_add=True)
class Meta:
ordering = ['-create_date']
def __str__(self):
return self.content
It's my first time writing, so I don't know how to Indent. Sorry
And if my code is not effective, tell me how to fix it.
thank you!
It might be easier to write the view from scratch as a function, but you can also override the existing post method to return additional data.