views.py - def hello_world

from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.urls import reverse

from .models import HelloWorld  # assumed location of the HelloWorld model


def hello_world(request):
    # Manual check: only logged-in users reach the view body.
    if request.user.is_authenticated:
        if request.method == "POST":
            temp = request.POST.get('hello_world_input')
            new_hello_world = HelloWorld()
            new_hello_world.text = temp
            new_hello_world.save()
            return HttpResponseRedirect(reverse('accountapp:hello_world'))
        else:
            hello_world_list = HelloWorld.objects.all()
            return render(request, 'accountapp/hello_world.html', context={'hello_world_list': hello_world_list})
    else:
        return HttpResponseRedirect(reverse('accountapp:login'))

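If you try to open http://127.0.0.1:8000/accounts/hello_world/ without logging in, the request is blocked and redirected to the login page.
(return HttpResponseRedirect(reverse('accountapp:login')))
*The nested checks make the code noticeably harder to read. Let's use a decorator (@) instead.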

from django.contrib.auth.decorators import login_required


@login_required  # anonymous users are redirected to settings.LOGIN_URL
def hello_world(request):
    if request.method == "POST":
        temp = request.POST.get('hello_world_input')
        new_hello_world = HelloWorld()
        new_hello_world.text = temp
        new_hello_world.save()
        return HttpResponseRedirect(reverse('accountapp:hello_world'))
    else:
        hello_world_list = HelloWorld.objects.all()
        return render(request, 'accountapp/hello_world.html', context={'hello_world_list': hello_world_list})

The Change Info page is also still reachable without logging in. Let's block it.
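
from django.contrib.auth.decorators import login_required
from django.utils.decorators import method_decorator


# method_decorator applies a function decorator to the named method of the class.
@method_decorator(login_required, 'get')
@method_decorator(login_required, 'post')
class AccountUpdateView(UpdateView):
    model = User
    context_object_name = 'target_user'
    form_class = AccountUpdateForm
    success_url = reverse_lazy('accountapp:hello_world')
    template_name = 'accountapp/update.html'
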
Do the same for the DeleteView:

@method_decorator(login_required, 'get')
@method_decorator(login_required, 'post')
class AccountDeleteView(DeleteView):
    model = User
    context_object_name = 'target_user'
    success_url = reverse_lazy('accountapp:login')
    template_name = 'accountapp/delete.html'

These views still do not check that the logged-in user is the owner of the account being changed. Let's write a custom decorator for that.
Create accountapp/decorators.py:

from django.contrib.auth.models import User
from django.http import HttpResponseForbidden


def account_ownership_required(func):
    def decorated(request, *args, **kwargs):
        # The account being viewed or changed is identified by the pk in the URL.
        user = User.objects.get(pk=kwargs['pk'])
        # Reject the request unless that account belongs to the requester.
        if user != request.user:
            return HttpResponseForbidden()
        return func(request, *args, **kwargs)
    return decorated

Apply the new decorator to the views as an additional method decorator:

from accountapp.decorators import account_ownership_required


# Stacked decorators wrap from the bottom up, so login_required (listed first)
# is outermost and runs before account_ownership_required.
@method_decorator(login_required, 'get')
@method_decorator(login_required, 'post')
@method_decorator(account_ownership_required, 'get')
@method_decorator(account_ownership_required, 'post')
class AccountUpdateView(UpdateView):
    model = User
    context_object_name = 'target_user'
    form_class = AccountUpdateForm
    success_url = reverse_lazy('accountapp:hello_world')
    template_name = 'accountapp/update.html'


@method_decorator(login_required, 'get')
@method_decorator(login_required, 'post')
@method_decorator(account_ownership_required, 'get')
@method_decorator(account_ownership_required, 'post')
class AccountDeleteView(DeleteView):
    model = User
    context_object_name = 'target_user'
    success_url = reverse_lazy('accountapp:login')
    template_name = 'accountapp/delete.html'

If that feels like too many method decorators, you can put them in a list to shorten the code.

# method_decorator runs a list of decorators in the order given, so login_required
# goes first to keep the same behaviour as the stacked version above
# (anonymous users are redirected to the login page instead of getting a 403).
has_ownership = [login_required, account_ownership_required]


@method_decorator(has_ownership, 'get')
@method_decorator(has_ownership, 'post')
class AccountUpdateView(UpdateView):
    model = User
    context_object_name = 'target_user'
    form_class = AccountUpdateForm
    success_url = reverse_lazy('accountapp:hello_world')
    template_name = 'accountapp/update.html'


@method_decorator(has_ownership, 'get')
@method_decorator(has_ownership, 'post')
class AccountDeleteView(DeleteView):
    model = User
    context_object_name = 'target_user'
    success_url = reverse_lazy('accountapp:login')
    template_name = 'accountapp/delete.html'

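
The views above guard only `get` and `post`, while Django's generic DeleteView also defines a `delete` handler, so which handler names the decorators cover matters. The following is an added example, not code from the original post: a framework-free model of method-name dispatch that compares per-method decoration with decorating `dispatch`. The names `Request`, `PerMethodView`, `DispatchView` and `responses`, the string responses, and this simplified `method_decorator` are constructed for illustration and are not Django's own.

```python
# Constructed model of class-based view dispatch; a simplified stand-in, not Django.
class Request:
    def __init__(self, method, user=None):  # user None = not logged in
        self.method, self.user = method, user

def login_required(func):
    def guarded(request, *args, **kwargs):
        if request.user is None:
            return "302 login"
        return func(request, *args, **kwargs)
    return guarded

def account_ownership_required(func):
    def guarded(request, *args, **kwargs):
        if request.user != kwargs["pk"]:  # a user is modelled as its own pk
            return "403 forbidden"
        return func(request, *args, **kwargs)
    return guarded

def method_decorator(decorators, name):
    def decorate(cls):
        original = getattr(cls, name)
        def handler(self, request, *args, **kwargs):
            call = lambda req, *a, **kw: original(self, req, *a, **kw)
            for dec in reversed(decorators):  # first listed ends up outermost
                call = dec(call)
            return call(request, *args, **kwargs)
        setattr(cls, name, handler)
        return cls
    return decorate

class DeleteView:
    def dispatch(self, request, *args, **kwargs):  # route by HTTP method name
        return getattr(self, request.method.lower())(request, *args, **kwargs)
    def get(self, request, **kwargs): return "200 confirm page"
    def delete(self, request, **kwargs): return "200 deleted"
    def post(self, request, **kwargs): return self.delete(request, **kwargs)

guards = [login_required, account_ownership_required]
@method_decorator(guards, "get")
@method_decorator(guards, "post")
class PerMethodView(DeleteView): pass  # guards only the named handlers

@method_decorator(guards, "dispatch")
class DispatchView(DeleteView): pass  # guards every HTTP method

def responses(view_cls, user, pk):
    methods = ("GET", "POST", "DELETE")
    return {m: view_cls().dispatch(Request(m, user), pk=pk) for m in methods}
```

In Django itself the equivalent of `DispatchView` is `@method_decorator(has_ownership, 'dispatch')` on the view class, which applies the checks to every HTTP method the view accepts.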