我有一个视图,我想传递属于医院的所有请求。而且,属于医院的用户无法查看其他医院的请求。如何返回HttpResponseNotAllowed?
它是一个M:1模型,医院有很多用户,而一个用户只有一个医院。请求属于医院和用户。
我有这个代码,但它不起作用。只显示属于医院的请求。但我仍然可以将Url更改为另一个医院ID并查看其他医院ID。
查看
def Get_UserRequest(request, Hospital_id):
# if not request.user.is_authenticated:
# return redirect('login')
if request.user.is_authenticated and request.method == "GET":
user_sector = int(request.user.FKLab_User.id)
if user_sector != Hospital_id:
HttpResponseNotAllowed()
requests = RequestHepatoPredict.objects.filter(Hospital_id=Hospital_id)
return render(request, 'user_profile/requests.html', {'requests': requests})
这对我有效。
@permission_classes((IsAuthenticated,))
def Get_UserRequest(request, Hospital_id):
# if not request.user.is_authenticated:
# return redirect('login')
perm = 1
user = request.user
if request.user.is_authenticated and request.method == "GET":
user_sector = user.FKLab_User.id
requests = []
if Hospital_id != user_sector:
perm = 0
if perm == 0:
error = "You are not allowed."
return render(request, "error/error.html", {'error':error})
requests = RequestHepatoPredict.objects.filter(Hospital_id=Hospital_id)
return render(request, 'user_profile/requests.html', {'requests': requests})