我想为我的用户和超级用户做一个按钮,以便能够在django管理中删除他们的帖子。当我点击删除按钮时,它既没有将我重定向到指定的URL,也没有删除帖子。我已经使用mixins,以便让管理员删除每个人的每个帖子,但用户只能删除他们的帖子。
# MIXIN.py
class DeleteArticleAccessMixin():
def dispatch(self, request, pk, *args, **kwargs):
article = get_object_or_404(Article, pk=pk)
if article.author == request.user or request.user.is_superuser:
return super().dispatch(request, *args, **kwargs)
else:
raise Http404("Access Denied!")
# Views.py
class ArticleDelete(DeleteArticleAccessMixin, DetailView):
model = Article
success_url = reverse_lazy('account:home')
template_name = "registration/article_confirm_delete.html"
# urls . py
path('article/delete/<int:pk>', ArticleDelete.as_view(), name="article-delete"),
#My home HTML page
{% if user.is_superuser or user.is_author %}
<a class="badge text-danger badge-primary"
href="{% url "account:article-delete" article.pk %}">Delete Article</a>
{% endif %}
#My Html Delete page
<div class="col-md-8 text-center mx-auto">
<div class="card card-danger">
<div class="card-header">
<h3 class="card-title">Delete Article</h3>
</div>
<div class="card-body py-4">
<form method="post">{% csrf_token %}
<p class="py-2">Are you sure you want to delete "{{ object }}" written by
"{{ object.author.get_full_name }}"?</p>
<input type="submit" value="Confirm" class="btn btn-danger">
</form>
</div>
</div>
</div>
这是有道理的,因为您的DeleteArticleAccessMixin从不删除某些内容。它只检查您的用户是否具有适当的访问权限。您可以从创建DeletionMixin的子类[Django-doc]。您还可以通过重写get_queryset:
from django.views.generic.edit importDeletionMixin
class ArticleDelete(DeletionMixin, DetailView):
model = Article
success_url = reverse_lazy('account:home')
template_name = 'registration/article_confirm_delete.html'
def get_queryset(self, *args, **kwargs):
qs = super().get_queryset(*args, **kwargs)
if self.request.user.is_superuser:
return qs
return qs.filter(
author=self.request.user
)