【发布时间】:2020-12-08 21:53:19
【问题描述】:
我目前正在使用DetailView,返回一些业务详细信息的 JsonResponse。我使用test_func 和UserPassesTestMixin 来确保只有拥有is_admin=True 的用户才能访问这些仅限管理员的视图。
现在在我的BusinessDetail 模型中,我有一个名为owner 的字段,它是一个与企业所有者用户相关联的M2M 字段。当然,我还需要限制视图以确保 self.request.user 在 BusinessDetail 模型的 owner 字段中。
我已经尝试了一些东西,包括这个......
class BusinessDetailView(LoginRequiredMixin, UserPassesTestMixin, DetailView):
model = BusinessDetail
def test_func(self):
return self.request.user.is_admin
def get_object(self, queryset=None):
business = get_object_or_404(BusinessDetail, pk=self.kwargs.get('pk'))
serialized_obj = serializers.serialize('json', [business])
return serialized_obj
def get(self, request, *args, **kwargs):
try:
business = self.get_object()
logger.debug(business obj: {business}')
if self.request.user not in business.owner.all():
logger.debug('Error: Access not granted.')
return JsonResponse({'Error': 'Access restricted.'})
return JsonResponse(json.loads(business), status=200, safe=False)
except Exception as e:
logger.error(f'Error getting business detail with error: {e}')
return JsonResponse({'Error': 'DB error, return to previous page'}, status=500)
我的记录器看起来像......
==> /var/log/app/logger/debug.log <==
DEBUG 2020-12-08 21:35:19,935 /app_site/business_admin/views.py get 379 Business obj: [{"model": "authentication.business_detail", "pk": 3, "fields": {"name": "test name", "phone_no": "(111)-111-1111", "street": "111 5th st, "city": "Fort Lauderdale", "state": "Florida", "zip": "33087", "primary_email": "test@aol.com", "owner": [4], }}]
ERROR 2020-12-08 21:35:19,935 /app_site/business_admin/views.py get 379 Error getting business detail with error: 'str' object has no attribute 'owner'
是否有不同/更好的方法将这些视图限制为链接到 owner 字段的用户,因为我仍然无法访问您可以在记录器中看到输出的 owner 字段?我真的无法访问 owner 字段。
提前感谢您的帮助!
【问题讨论】:
标签: django django-views django-class-based-views django-permissions