Object ownership validation in Django UpdateView

后端未结

关注

 2  1660

长情又很酷 2021-02-11 03:02

EDIT:

The better solution for me was just using a permissions system, especially since I needed other types of controlled access to objects. I now use D

2条回答

挽巷 (楼主)

2021-02-11 03:31

The best approach would be to use another mixin, something like this:

class AuthorRequiredMixin(object):
    def dispatch(self, request, *args, **kwargs):
        if self.object.author != self.request.user:
            return HttpResponseForbidden()
        return super(AuthorRequiredMixin, self).dispatch(request, *args, **kwargs)

Of course you can return another HttpResponse, but keep in mind what is the proper use here.

0 讨论(0)

查看其它2个回答