login_required() 完成以下工作:
- 如果用户未登录,则重定向到settings.LOGIN_URL,在Query String中传递当前绝对路径。例如: /accounts/login/?next=/polls/3/.
- 如果用户已登录,则正常执行view。View中的代码可以假定用户已经登录。
一般,用户成功认证后要重定向到的路径保存在query string的next参数中。如果你想使用其他参数名,可以通过login_required()的可选参数redirect_field_name来指定。
注意:如果你设置了redirect_field_name,你可能还需要在你的login模板中做相应修改。因为保存重定向路径的模板上下文变量(template context variable)将使用参数 redirect_field_name的值作为key。
login_required() 还提供一个可选的 login_url 参数,用于指定未登录用户被重定向到的登录页面;未指定时使用settings.LOGIN_URL。
注意:login_required修饰符不会检查user的is_active标志位。如需排除已停用的账号,需要另外检查,例如下文的login_view在调用login()之前判断了usuario.is_active。
访问限制 Limiting access to logged-in users that pass a test
Django提供一种简单的方式来判断用户是否具备某种权限: permission_required() 修饰符
一.login.html
{% extends "base.html" %}
{% block title %} Login {% endblock %}
{% block content %}
{# Login form, posted back to the current URL together with a CSRF token. #}
<form action="." method="POST">
    {% csrf_token %}
    {{ mensaje }}
    {{ form.as_p }}
    {# "next" is the post-login redirect target. It round-trips through the browser as a hidden field, so the value that comes back is client-controlled and the receiving view has to validate it before redirecting. #}
    {% if next %}
    <input type="hidden" value="{{next}}" name="next">
    {% else %}
    {# No target supplied: fall back to the site root. #}
    <input type="hidden" value="/" name="next">
    {% endif %}
    <button class="btn btn-primary" type="submit"> Login </button>
    <h5>Registrarte <a href="/registro/">aquí</a></h5>
</form>
{% endblock %}
二.views.py
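from django.shortcuts import get_object_or_404, render_to_response
from django.template import RequestContext
from demo.apps.ventas.models import producto
from demo.apps.home.forms import ContactForm, LoginForm, RegisterForm
from django.core.mail import EmailMultiAlternatives  # used to send HTML mail
from django.contrib.auth.models import User
import django
from demo.settings import URL_LOGIN
from django.contrib.auth import login, logout, authenticate
from django.http import HttpResponseRedirect
# Pagination in Django
from django.core.paginator import Paginator, EmptyPage, InvalidPage
from django.contrib.auth.decorators import login_required
from django.utils.html import escape
from django.utils.http import is_safe_url


def _safe_redirect_target(request, candidate, default='/'):
    """Return *candidate* if it is a safe same-host redirect target, else *default*.

    The ``next`` value travels through the browser (query string and hidden
    form field), so it is client-controlled. Redirecting to it unchecked is an
    open redirect; only URLs that stay on the requesting host are accepted.
    """
    # Newer Django releases expose this check as url_has_allowed_host_and_scheme.
    if candidate and is_safe_url(url=candidate, host=request.get_host()):
        return candidate
    return default


def index_view(request):
    """Render the public home page."""
    return render_to_response('home/index.html',
                              context_instance=RequestContext(request))


@login_required(login_url=URL_LOGIN)
def about_view(request):
    """Render the about page with a sample message and the Django version.

    Anonymous users are redirected to URL_LOGIN by ``login_required``.
    """
    version = django.get_version()
    mensaje = "Esto es un mensaje desde mi vista"
    ctx = {'msg': mensaje, 'version': version}
    return render_to_response('home/about.html', ctx,
                              context_instance=RequestContext(request))


def productos_view(request, pagina):
    """Render one page of the product list.

    ``pagina`` comes from the URL; anything that is not an integer falls back
    to page 1, and an out-of-range page number falls back to the last page.
    """
    lista_prod = producto.objects.filter(status=True)  # only products with status=True
    paginator = Paginator(lista_prod, 5)  # 5 products per page
    try:
        page = int(pagina)
    except (TypeError, ValueError):
        # Narrowed from a bare except so unrelated errors are not swallowed.
        page = 1
    try:
        productos = paginator.page(page)
    except (EmptyPage, InvalidPage):
        productos = paginator.page(paginator.num_pages)
    ctx = {'productos': productos}
    return render_to_response('home/productos.html', ctx,
                              context_instance=RequestContext(request))


def singleProduct_view(request, id_prod):
    """Render the detail page of one product together with its categories.

    An unknown ``id_prod`` yields a 404 response instead of an unhandled
    DoesNotExist error.
    """
    prod = get_object_or_404(producto, id=id_prod)
    cats = prod.categorias.all()  # categories of the product that was found
    ctx = {'producto': prod, 'categorias': cats}
    return render_to_response('home/SingleProducto.html', ctx,
                              context_instance=RequestContext(request))


@login_required(login_url=URL_LOGIN)
def contacto_view(request):
    """Show the contact form and, on a valid POST, mail its content to the admin.

    The submitted e-mail address and text are HTML-escaped before being placed
    in the HTML message body, so markup typed into the form is delivered as
    text rather than interpreted by the recipient's mail client.
    """
    info_enviado = False  # whether the information was sent
    email = ""
    titulo = ""
    texto = ""
    if request.method == "POST":
        formulario = ContactForm(request.POST)
        if formulario.is_valid():
            info_enviado = True
            email = formulario.cleaned_data['Email']
            titulo = formulario.cleaned_data['Titulo']
            texto = formulario.cleaned_data['Texto']

            # Mail configuration: send the message via Gmail
            to_admin = 'alexexc2@gmail.com'
            html_content = "Informacion recibida de [%s] <br><br><br>***Mensaje****<br><br>%s" % (
                escape(email), escape(texto))
            msg = EmailMultiAlternatives('Correo de Contacto', html_content,
                                         'from@server.com', [to_admin])
            msg.attach_alternative(html_content, 'text/html')  # mark the content as HTML
            msg.send()  # send the mail
    else:
        formulario = ContactForm()
    # The raw values go to the template; presumably autoescaping is on there - TODO confirm.
    ctx = {'form': formulario, 'email': email, 'titulo': titulo,
           'texto': texto, 'info_enviado': info_enviado}
    return render_to_response('home/contacto.html', ctx,
                              context_instance=RequestContext(request))


def login_view(request):
    """Authenticate a user and redirect to the validated ``next`` target.

    Already-authenticated users go straight to '/'. On a valid POST the
    credentials are checked and inactive accounts are refused; the posted
    ``next`` value is only followed when it points at this host, otherwise
    the user lands on '/'. On GET, or after a failed attempt, a fresh login
    form is rendered.
    """
    mensaje = ""
    if request.user.is_authenticated():
        return HttpResponseRedirect('/')

    if request.method == "POST":
        form = LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            usuario = authenticate(username=username, password=password)
            if usuario is not None and usuario.is_active:
                login(request, usuario)
                # A missing or off-site "next" falls back to '/' instead of
                # raising KeyError or redirecting to an arbitrary URL.
                destino = _safe_redirect_target(request, request.POST.get('next'))
                return HttpResponseRedirect(destino)
            mensaje = "usuario y/o password incorrecto"

    # POST first, then GET - the lookup order request.REQUEST used.
    solicitado = request.POST.get('next', request.GET.get('next'))
    next_url = _safe_redirect_target(request, solicitado)
    form = LoginForm()
    ctx = {'form': form, 'mensaje': mensaje, 'next': next_url}
    return render_to_response('home/login.html', ctx,
                              context_instance=RequestContext(request))


def logout_view(request):
    """Log the current user out and redirect to the home page."""
    logout(request)
    return HttpResponseRedirect('/')


def register_view(request):
    """Show the registration form and create the user on a valid POST.

    On success the thanks page is rendered; otherwise the form (bound to the
    submitted data on POST, empty on GET) is rendered again.
    """
    form = RegisterForm()
    if request.method == "POST":
        form = RegisterForm(request.POST)
        if form.is_valid():
            usuario = form.cleaned_data['username']
            email = form.cleaned_data['email']
            # password_two is not read here; presumably RegisterForm checks
            # that both passwords match - TODO confirm.
            password_one = form.cleaned_data['password_one']
            # create_user() hashes the password and saves the new user itself.
            User.objects.create_user(username=usuario, email=email,
                                     password=password_one)
            return render_to_response('home/thanks_register.html',
                                      context_instance=RequestContext(request))
    ctx = {'form': form}
    return render_to_response('home/register.html', ctx,
                              context_instance=RequestContext(request))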
三.login.html
{% extends "base.html" %}
{% block title %} Login {% endblock %}
{% block content %}
{# Login form, posted back to the current URL together with a CSRF token. #}
<form action="." method="POST">
    {% csrf_token %}
    {{ mensaje }}
    {{ form.as_p }}
    {# "next" is the post-login redirect target. It round-trips through the browser as a hidden field, so the value that comes back is client-controlled and the receiving view has to validate it before redirecting. #}
    {% if next %}
    <input type="hidden" value="{{next}}" name="next">
    {% else %}
    {# No target supplied: fall back to the site root. #}
    <input type="hidden" value="/" name="next">
    {% endif %}
    <button class="btn btn-primary" type="submit"> Login </button>
    <h5>Registrarte <a href="/registro/">aquí</a></h5>
</form>
{% endblock %}