将所有视图限制为Django中经过身份验证的用户 [英] Restricting all the views to authenticated users in Django

问题描述

我是Django的新手，我正在一个项目，该项目具有一个登录页面作为其索引和一个注册页面.其余页面都必须限制为登录用户，如果未经身份验证的用户尝试访问他们，则必须将其重定向到登录页面.

I'm new to Django and I'm working on a project which has a login page as its index and a signup page. The rest of the pages all must be restricted to logged in users and if an unauthenticated user attempts to reach them, he/she must be redirected to the login page.

我看到 @login_required 装饰器会将单个视图限制为登录用户，但是有没有更好的方法来限制所有视图，并且只有少数视图可供未经身份验证的用户使用?

I see that @login_required decorator would make a single view restricted to logged in users but is there a better way to make all the views restricted and only a few available to unauthenticated users?

推荐答案

您可以编写中间件:

from django.contrib.auth.decorators import login_required

def login_exempt(view):
    view.login_exempt = True
    return view


class LoginRequiredMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        return self.get_response(request)

    def process_view(self, request, view_func, view_args, view_kwargs):
        if getattr(view_func, 'login_exempt', False):
            return

        if request.user.is_authenticated:
            return

        # You probably want to exclude the login/logout views, etc.

        return login_required(view_func)(request, *view_args, **view_kwargs)

您将中间件添加到您的 MIDDLEWARES 列表中，并使用 login_exempt 装饰您不想验证的视图.

You add the middleware to your MIDDLEWARES list and decorate the views you don't want authenticated with login_exempt.

这篇关于将所有视图限制为Django中经过身份验证的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！