Browse Source

added decorator to the view so not authorized users cannot enter specific pages

newsletter
Esther Kleinhenz 6 years ago
parent
commit
9be60fb7a4
1 changed files with 6 additions and 0 deletions
  1. 6
    0
      application/views.py

+ 6
- 0
application/views.py View File

from .forms import PostForm from .forms import PostForm
from django.shortcuts import redirect from django.shortcuts import redirect
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth import authenticate, login, logout from django.contrib.auth import authenticate, login, logout
import logging import logging
import mysite.settings import mysite.settings
return render(request, 'post_detail.html', {'post': post}) return render(request, 'post_detail.html', {'post': post})


@login_required @login_required
@staff_member_required
def post_new(request): def post_new(request):
if request.method == "POST": if request.method == "POST":
form = PostForm(request.POST) form = PostForm(request.POST)
return render(request, 'post_edit.html', {'form': form}) return render(request, 'post_edit.html', {'form': form})


@login_required @login_required
@staff_member_required
def post_edit(request, pk): def post_edit(request, pk):
post = get_object_or_404(Post, pk=pk) post = get_object_or_404(Post, pk=pk)
if request.method == "POST": if request.method == "POST":
return render(request, 'post_edit.html', {'form': form}) return render(request, 'post_edit.html', {'form': form})


@login_required @login_required
@staff_member_required
def post_draft_list(request): def post_draft_list(request):
posts = Post.objects.filter( posts = Post.objects.filter(
published_date__isnull=True).order_by('created_date') published_date__isnull=True).order_by('created_date')
return render(request, 'post_draft_list.html', {'posts': posts}) return render(request, 'post_draft_list.html', {'posts': posts})


@login_required @login_required
@staff_member_required
def post_publish(request, pk): def post_publish(request, pk):
post = get_object_or_404(Post, pk=pk) post = get_object_or_404(Post, pk=pk)
post.publish() post.publish()
return redirect('post_detail', pk=pk) return redirect('post_detail', pk=pk)


@login_required @login_required
@staff_member_required
def post_remove(request, pk): def post_remove(request, pk):
post = get_object_or_404(Post, pk=pk) post = get_object_or_404(Post, pk=pk)
post.delete() post.delete()

Loading…
Cancel
Save