Browse Source
added decorator to the view so not authorized users cannot enter specific pages
newsletter
Esther Kleinhenz
5 years ago
1 changed files with 6 additions and 0 deletions
+ 6
- 0
application/views.py
View File
| @@ -4,6 +4,7 @@ from .models import Post | |||
| from .forms import PostForm | |||
| from django.shortcuts import redirect | |||
| from django.contrib.auth.decorators import login_required | |||
| from django.contrib.admin.views.decorators import staff_member_required | |||
| from django.contrib.auth import authenticate, login, logout | |||
| import logging | |||
| import mysite.settings | |||
| @@ -47,6 +48,7 @@ def post_detail(request, pk): | |||
| return render(request, 'post_detail.html', {'post': post}) | |||
| @login_required | |||
| @staff_member_required | |||
| def post_new(request): | |||
| if request.method == "POST": | |||
| form = PostForm(request.POST) | |||
| @@ -60,6 +62,7 @@ def post_new(request): | |||
| return render(request, 'post_edit.html', {'form': form}) | |||
| @login_required | |||
| @staff_member_required | |||
| def post_edit(request, pk): | |||
| post = get_object_or_404(Post, pk=pk) | |||
| if request.method == "POST": | |||
| @@ -74,18 +77,21 @@ def post_edit(request, pk): | |||
| return render(request, 'post_edit.html', {'form': form}) | |||
| @login_required | |||
| @staff_member_required | |||
| def post_draft_list(request): | |||
| posts = Post.objects.filter( | |||
| published_date__isnull=True).order_by('created_date') | |||
| return render(request, 'post_draft_list.html', {'posts': posts}) | |||
| @login_required | |||
| @staff_member_required | |||
| def post_publish(request, pk): | |||
| post = get_object_or_404(Post, pk=pk) | |||
| post.publish() | |||
| return redirect('post_detail', pk=pk) | |||
| @login_required | |||
| @staff_member_required | |||
| def post_remove(request, pk): | |||
| post = get_object_or_404(Post, pk=pk) | |||
| post.delete() | |||
Loading…