如何创建一个用户配置文件页面,其他用户可以查看该页面,而无需编辑该配置文件,除非他们是用户?
我想弄清楚的是url路由是如何工作的,最好的做法是将用户的配置文件存储在配置文件上/或<user_id>页面,然后使用通过url传递的用户名或id加载个人用户的数据,比如最近的帖子?
同样,这会由一个视图和模板来处理吗?只需使用{%if request.user==profile.user%}来显示编辑配置文件等内容?
我的问题是,任何用户在编辑url 时都可以为其他人编辑配置文件
例如,我的id是www.test.com/profile/44/,而其他用户具有此idwww.test.com/profile/40/好吧,现在当我编辑链接为40而不是44时,我可以访问和编辑第二个用户!如何修复
models.py:
class Profile(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
email_confirmed = models.BooleanField(default=False)
@receiver(post_save, sender=User)
def update_user_profile(sender, instance, created, **kwargs):
if created:
Profile.objects.create(user=instance)
instance.profile.save()
def __str__(self):
return self.user
urls.py:
from django.urls import path
from blog_app.views import ProfileView
urlpatterns = [
path('profile/<int:pk>/', ProfileView.as_view(), name='profile'),
]
forms.py:
# Profile Form
class ProfileForm(forms.ModelForm):
# constructor of the UserForm, not Meta
def __init__(self, *args, **kwargs):
super().__init__(*args,**kwargs)
self.fields['username'].widget.attrs.update({'class':'form-control','placeholder':' Enter your username in English ','style': 'font-size:19px;text-align: center;'})
class Meta:
model = User
fields = [
'username',
'first_name',
'last_name',
'email',
]
views.py:
# Edit Profile View
class ProfileView(UpdateView):
model = User
form_class = ProfileForm
success_url = reverse_lazy('home')
template_name = 'user/commons/profile.html'
def get(self, request, *args, **kwargs):
form = self.form_class()
return render(request, self.template_name, {'form': form})
def post(self, request, *args, **kwargs):
form = self.form_class(request.POST)
if form.is_valid():
user = form.save(commit=False)
user.is_active = False # Deactivate account till it is confirmed
user.save()
current_site = get_current_site(request)
subject = 'Activate Your MySite Account'
message = render_to_string('user/emails/account_activation_email.html', {
'user': user,
'domain': current_site.domain,
'uid': urlsafe_base64_encode(force_bytes(user.pk)),
'token': account_activation_token.make_token(user),
})
user.email_user(subject, message)
messages.success(request, ('Please Confirm your new email to change email.'))
return redirect('login')
return render(request, self.template_name, {'form': form})
html页面:
<button type="button" id="submit"> <a href="{% url 'profile' user.id %}" > edit profile info </a></button>
您可以重写get_object()方法以始终从request.user返回当前登录的用户,然后您将不需要提供"pk";路径中的变量。
在您的视图中实现get_object()
class ProfileView(UpdateView):
model = User
form_class = ProfileForm
success_url = reverse_lazy('home')
template_name = 'user/commons/profile.html'
def get_object(self, queryset=None):
return self.request.user
然后配置没有pk的路径
urlpatterns = [
path('profile/me/', ProfileView.as_view(), name='profile'),
]
请注意,应该在该视图上使用login_required()装饰器或LoginRequiredMixin,以避免匿名用户访问该视图。