抑制“？next = blah” django的login_required装饰器中的行为 [英] Suppress "?next=blah" behavior in django's login_required decorator

问题描述

我喜欢django的@login_required装饰器，但有一件事我无法弄清楚如何做到这一点。

I love django's @login_required decorator, but there's one thing I can't figure out how to make it do.

如果未经身份验证的用户尝试访问@login_required页面（例如/ private-stuff /），我想踢他们回到主页（例如/ home /）。但是我不想在url中附加一个？next =参数。换句话说，我只想重定向到/ home /，而不是/ home /？next = / private-stuff /\".

If an unauthenticated user tries visits a @login_required page (e.g. "/private-stuff/"), I want to kick them back to the home page (e.g. "/home/"). But I don't want to append a "?next=" argument to the url. In other words, I just want to redirect to "/home/", not "/home/?next=/private-stuff/".

我该怎么做那？有没有比编写自己的装饰器更好的方法？

How can I do that? Is there a better way than just writing my own decorator?

推荐答案

嗯，有两种方法可以想到。首先，将是正确的方式，因为您没有破坏任何功能，只添加新功能：创建自己的 login_required 装饰器。问题在于，Django在登录功能之后，真正地将重定向卷起来，需要很多部件。 login_required 装饰器真的只是一个包裹在 user_passes_test 装饰器，后者又调用 redirect_to_login 视图，它是 视图添加 next param到querystring。在您的自定义装饰器中，您可以将所有或部分功能直接卷入装饰器，但您需要参考所有三个必需的代码。

Well, there's two ways that I can think of. First, would be the "correct" way, in the sense that you're not breaking any functionality, only adding new functionality: create your own login_required decorator. The problem though is that Django has really tucked the redirect after login functionality away, and it requires a lot of parts. The login_required decorator is really just a wrapper around the user_passes_test decorator, which in turn calls the redirect_to_login view, and it's that view that adds the next param to the querystring. In your custom decorator, you can roll all or some of this functionality straight into the decorator, but you'll need to reference all three for the necessary code.

其他，而且更简单的选择是创建一些中间件来删除querystring，如果它已设置：

The other, and far simpler option, is to create some middleware to remove the querystring if it's set:

from django.conf import settings
from django.http import HttpResponseRedirect

class RemoveNextMiddleware(object):
    def process_request(self, request):
        if request.path == settings.LOGIN_URL and request.GET.has_key('next'):
            return HttpResponseRedirect(settings.LOGIN_URL)

然后，将该中间件的导入路径添加到 MIDDLEWARE_CLASSES 。请记住，在请求阶段，中间件首先被处理为上一个或从上到下，换句话说。这在请求阶段应该比较早，但是您可能需要随身携带才能看到什么可以和不能到达。

And, then add the import path to that middleware to MIDDLEWARE_CLASSES. Remember that in the request phase, middleware is processed first to last or top-down, in other words. This should come relatively early in the request phase, but you may need to play around a bit with it to see what can and can't come before it.

唯一的这种方法的真正问题是，它打破下一个重定向功能，而不是以非常直观的方式，如果后来的开发人员继承您的代码库以及允许重定向的任务，那么它可能会有点flummoxing。

The only real problem with this method is that it "breaks" the next redirect functionality, and not in a very intuitive way, if a later developer inherits your codebase along with a mandate to allow the redirect, it might be a bit flummoxing.

这篇关于抑制“？next = blah” django的login_required装饰器中的行为的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！