Browse Source
added decorator to the view so not authorized users cannot enter specific pages
newsletter
Esther Kleinhenz
5 years ago
1 changed files with 6 additions and 0 deletions
+ 6
- 0
application/views.py
View File
| from .forms import PostForm | from .forms import PostForm | ||||
| from django.shortcuts import redirect | from django.shortcuts import redirect | ||||
| from django.contrib.auth.decorators import login_required | from django.contrib.auth.decorators import login_required | ||||
| from django.contrib.admin.views.decorators import staff_member_required | |||||
| from django.contrib.auth import authenticate, login, logout | from django.contrib.auth import authenticate, login, logout | ||||
| import logging | import logging | ||||
| import mysite.settings | import mysite.settings | ||||
| return render(request, 'post_detail.html', {'post': post}) | return render(request, 'post_detail.html', {'post': post}) | ||||
| @login_required | @login_required | ||||
| @staff_member_required | |||||
| def post_new(request): | def post_new(request): | ||||
| if request.method == "POST": | if request.method == "POST": | ||||
| form = PostForm(request.POST) | form = PostForm(request.POST) | ||||
| return render(request, 'post_edit.html', {'form': form}) | return render(request, 'post_edit.html', {'form': form}) | ||||
| @login_required | @login_required | ||||
| @staff_member_required | |||||
| def post_edit(request, pk): | def post_edit(request, pk): | ||||
| post = get_object_or_404(Post, pk=pk) | post = get_object_or_404(Post, pk=pk) | ||||
| if request.method == "POST": | if request.method == "POST": | ||||
| return render(request, 'post_edit.html', {'form': form}) | return render(request, 'post_edit.html', {'form': form}) | ||||
| @login_required | @login_required | ||||
| @staff_member_required | |||||
| def post_draft_list(request): | def post_draft_list(request): | ||||
| posts = Post.objects.filter( | posts = Post.objects.filter( | ||||
| published_date__isnull=True).order_by('created_date') | published_date__isnull=True).order_by('created_date') | ||||
| return render(request, 'post_draft_list.html', {'posts': posts}) | return render(request, 'post_draft_list.html', {'posts': posts}) | ||||
| @login_required | @login_required | ||||
| @staff_member_required | |||||
| def post_publish(request, pk): | def post_publish(request, pk): | ||||
| post = get_object_or_404(Post, pk=pk) | post = get_object_or_404(Post, pk=pk) | ||||
| post.publish() | post.publish() | ||||
| return redirect('post_detail', pk=pk) | return redirect('post_detail', pk=pk) | ||||
| @login_required | @login_required | ||||
| @staff_member_required | |||||
| def post_remove(request, pk): | def post_remove(request, pk): | ||||
| post = get_object_or_404(Post, pk=pk) | post = get_object_or_404(Post, pk=pk) | ||||
| post.delete() | post.delete() |
Loading…