Hi, I am developing a Django blog application. In this application, I have
a PostEdit view to edit a post and a delete post view to delete a post.
These operations can only be performed by the user who created the
post. I wrote the delete view as a function-based view and the edit view as
a CBV. Now what is happening is that any user is able to delete or edit
other users' posts through the URL. In my delete post view, since it is a
function-based view, I have used an if condition to prevent another user
from deleting someone else's post. But since for post edit I am using a CBV,
I am not able to find a way to prevent a user from editing someone else's
post.
So how can I prevent another user from editing someone else's post?


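from django.contrib.auth.decorators import login_required
from django.contrib.auth.mixins import LoginRequiredMixin
from django.shortcuts import get_object_or_404, redirect
from django.views.generic import UpdateView

from .forms import PostForm  # assumed module path
from .models import Post     # assumed module path


class PostUpdateView(LoginRequiredMixin, UpdateView):
    # Only requires a logged-in user; the post is looked up by slug alone.
    model = Post
    template_name = 'blog/post_form.html'
    form_class = PostForm

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        context['title'] = 'Update'
        return context

    def form_valid(self, form):
        # Sets the author to whoever submitted the form.
        form.instance.author = self.request.user
        form.save()
        return super().form_valid(form)


@login_required
def post_delete(request, slug):
    post = get_object_or_404(Post, slug=slug)
    # Ownership check: only the author may delete the post.
    if request.user == post.author:
        post.delete()
        return redirect('blog:post_list')
    else:
        return redirect('blog:post_detail', slug=slug)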
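
An added example, not part of the original message: one common way to give the edit CBV the same ownership check is to narrow get_queryset() to the requesting user's posts, so the slug lookup fails for anyone else. AuthorOnlyMixin, the stand-in classes, can_load() and the sample posts are constructed here so the block runs without a Django project.

```python
from types import SimpleNamespace

class AuthorOnlyMixin:
    """Scope a single-object view to objects owned by request.user.

    In the Django project it is listed before the generic view:
        class PostUpdateView(LoginRequiredMixin, AuthorOnlyMixin, UpdateView)
    get_object() searches this queryset, so another user's slug is
    not found (404) for the GET form and for the POST save alike.
    """
    def get_queryset(self):
        return super().get_queryset().filter(author=self.request.user)

# ---- Constructed stand-ins for Django so the block runs on its own ----
class NotFound(Exception):
    """Plays the role of django.http.Http404."""

class FakeQuerySet:
    def __init__(self, rows):
        self.rows = list(rows)
    def filter(self, **conds):
        return FakeQuerySet(r for r in self.rows
                            if all(getattr(r, k) == v for k, v in conds.items()))

POSTS = [SimpleNamespace(slug="hello", author="alice"),  # constructed data
         SimpleNamespace(slug="secret", author="bob")]

class FakeUpdateView:
    """Resolves its object from the URL slug, as UpdateView does."""
    def __init__(self, user, slug):
        self.request = SimpleNamespace(user=user)
        self.kwargs = {"slug": slug}
    def get_queryset(self):
        return FakeQuerySet(POSTS)
    def get_object(self):
        rows = self.get_queryset().filter(slug=self.kwargs["slug"]).rows
        if not rows:
            raise NotFound(self.kwargs["slug"])
        return rows[0]

class PostedEditView(FakeUpdateView): pass  # no owner check, like the posted view
class OwnerEditView(AuthorOnlyMixin, FakeUpdateView): pass  # hardened

def can_load(view_cls, user, slug):
    """True if `user` can load the edit form for `slug`."""
    try:
        return view_cls(user, slug).get_object() is not None
    except NotFound:
        return False
```

Because the filter runs before the object is fetched, a non-author gets the same 404 as for a slug that does not exist, which also avoids confirming that the post is there.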




