Django AssertionError“sensitive_post_parameters”没有收到一个HttpRequest“在管理员中添加用户 [英] Django AssertionError "sensitive_post_parameters didn't receive an HttpRequest" on add users in admin
本文介绍了Django AssertionError“sensitive_post_parameters”没有收到一个HttpRequest“在管理员中添加用户的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
AssertionError at / admin / users / user / add /
sensitive_post_parameters没有收到HttpRequest。如果你正在装饰一个类方法,一定要使用@method_decorator。
本地使用django runserver 命令。(更新:在本地工作,因为我在本地使用Django 1.5.2,并且在webfaction上安装了Django 1.5.4,而且这种异常仅在1.5.4 中提出)
任何帮助都不胜感激。谢谢
这是跟踪:
环境:
请求方法:GET
请求URL:http://lts-demo.hashcode.pw/admin/users/user/add/
Django版本:1.5.4
Python版本:2.7.5
已安装的应用程序:
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'django ,
'south,
'crumbs',
'compress',
'apps.users',
'apps.leaves'
'apps.messaging')
安装的中间件:
('django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMid dleware')
追溯:
文件/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/core/handlers/base.pyin get_response
115. response = callback(request,* callback_args,** callback_kwargs)
文件/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/contrib/admin/options.py在包装中
372. return self.admin_site.admin_view(view)(* args,** kwargs)
文件/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/utils/ _wrapped_view
91. decorator.pyresponse = view_func(request,* args,** kwargs)
文件/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/views/ _wrapped_view_func
89. decorator / cache.pyresponse = view_func(request,* args,** kwargs)
文件/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/内部
202中的contrib / admin / sites.pyreturn view(request,* args,** kwargs)
文件/home/mnazim/webapps/dcleh_lts/lib/python2.7/dj ango / views / decorators / debug.py在sensitive_post_parameters_wrapper
68.sensitive_post_parameters没有收到一个HttpRequest。如果你
异常类型:AssertionError at / admin / users / user / add /
异常值:sensitive_post_parameters没有收到一个HttpRequest如果你正在装饰一个类方法,一定要使用@method_decorator
编辑:添加模型和管理员.py
这是用户/ models.py
从django导入设置
从django.db导入模型
从django.contrib.auth.models导入(AbstractBaseUser,
BaseUserManager,
组,权限,
_user_has_module_perms,
_user_has_perm)
from django.utils.translation import ugettext_lazy as _
from django.utils import timezone
from apps.helpers import values_to_choices,choices_to_values
class User(AbstractBaseUser):
username = models.CharField(max_length = 128,unique = True)
email = models.CharField(_('email address'),max_length = 256,unique = True)
name = models.CharField(max_length = 512,blank = True)
mobile_no = models.CharField(_('mobile number'),max_length = 10)
department = models.CharField(max_length = 512)
post = models.CharField(max_length = 512)
posting_location = models.CharField(max_length = 512)
district = models.CharField(max_length = 16,choices = DISTRICT_CHOICES)
can_recommend_leaves = models.BooleanField(default = True,help_text ='指定用户是否可以推荐叶子')
can_approve_leaves = models.BooleanField(default = False,help_text ='指定用户是否可以批准叶子)
is_staff = models.BooleanField(_('staff status'),default = False,
help_text = _('指定用户是否可以登录此管理员'
'站点') )
is_ac tive = models.BooleanField(_('active'),default = True,
help_text = _('指定该用户是否应该被视为'
'活动。取消选择而不是删除帐户'))
is_superuser = models.BooleanField(_('superuser status'),default = False,
help_text = _('指定此用户具有所有权限,
$ b date_joined = models.DateTimeField(_('date joined'),default = timezone.now)
groups = models.ManyToManyField(Group,verbose_name = _('groups'),
related_name ='users',
blank = True,help_text = _('该用户所属的组'用户将'
'获得所有权限每个'
'他/她的组。'))
user_permissions = models.ManyToManyField(Permission,
related_name ='users',
verbose_name = _('user permissions '),blank = True,
help_text ='该用户的具体权限')
objects = UserManager()
USERNAME_FIELD ='username'
REQUIRED_FIELDS = ['email']
class Meta:
verbose_name = _('user')
verbose_name_plural = _('users ')
db_table ='users'
def __unicode __(self):
return%s - %s(%s)%(self.name,self.post ,self.department)
return self.name或self.username
def get_absolute_url(self):
return/〜%s /%(self.username)
def get_full_name(self):
return self.name
def get_short_name(self):
返回用户的短名称。
return self.name
def get_group_permissions(self,obj = None):
返回此用户拥有的权限字符串列表,她的
组,这个方法查询所有可用的auth后端,如果一个对象
被传入,则只返回与该对象匹配的权限
permissions = set()
在auth.get_backends()中的后端:
如果hasattr(后端,get_group_permissions):
如果obj不是无:
permissions.update(backend.get_group_permissions(self ,
obj))
else:
permissions.update(backend.get_group_permissions(self))
返回权限
def get_all_permissions(self,obj =没有):
返回_user_get_all_permissions(self,obj)
def has_perm(self ,perm,obj = None):
如果用户具有指定的权限,则返回True。此方法
查询所有可用的验证后端,但如果
后端返回True,则立即返回。因此,具有来自单个
验证后端的许可的用户被假定为具有一般的许可。如果一个对象是
,那么将检查此特定对象的权限。
#活动超级用户具有所有权限
如果self.is_active和self.is_superuser:
返回True
#
return _user_has_perm(self,perm,obj)
def has_perms(self,perm_list,obj = None):
如果用户具有每个指定的权限,则返回True。如果
对象被传递,它将检查用户是否具有此
对象的所有必需的perms。
perm_list中的perm:
如果不是self.has_perm(perm,obj):
return False
return True
def has_module_perms(self,app_label):
如果用户在给定的应用标签中具有任何权限,则返回True。
使用与上述has_perm相同的逻辑。
#活动超级用户具有所有权限
如果self.is_active和self.is_superuser:
返回True
返回_user_has_module_perms(self, app_label)
def email_user(self,subject,message,from_email = None):
发送电子邮件给该用户。
send_mail(subject,message,from_email,[self.email])
这是用户/ admin.py
from django.db import transaction
from django.contrib import来自django.contrib.auth.forms导入的admin
(UserCreationForm,UserChangeForm,
AdminPasswordChangeForm)
from django.utils.translation import ugettext,ugettext_lazy as _
from django.views。从django.views.decorators.csrf导入的django.utils.decorators导入method_decorator
导入来自django.shortcuts的
导入get_object_or_404 $ d $ d
从django.utils。 html import escape
from django.template.response import TemplateResponse
from django.contrib import message
from django.http import HttpResponseRedirect,Http404
$ b从.models导入用户
#覆盖UserChangeForm和UserCreationForm用于自定义用户模型
from .forms i mport UserChangeForm,UserCreationForm
csrf_protect_m = method_decorator(csrf_protect)
class UserAdmin(admin.ModelAdmin):
add_form_template ='admin / auth / user /add_form.html'
change_user_password_template =无
#fieldsets =(
#(无,{'fields':('username','password')}),
# (_('个人信息'),{'fields':('first_name','last_name','email')}),
#(_('Permissions'),{'fields' is_active','is_staff','is_superuser',
#'groups','user_permissions')}),
#(_('Important dates'),{'fields':('last_login' ,'date_joined')}),
#)
add_fieldsets =(
(无,{
'classes':('wide',),
' ':('username','password1','password2','email')}
),
)
form = U serChangeForm
add_form = UserCreationForm
change_password_form = AdminPasswordChangeForm
list_display =('name','username','email','is_staff')
list_filter =('is_staff','
search_fields =('name','username','first_name','last_name','email')
ordering =('username',)
filter_horizontal =('groups','user_permissions')
def get_fieldsets(self,request,obj = None):
如果不是obj:
return self .add_fieldsets
return super(UserAdmin,self).get_fieldsets(request,obj)
def get_form(self,request,obj = None,** kwargs):
在创建用户时使用特殊表单
defaults = {}
如果obj为None:
defaults.update({
'form ':self.add_form,
'f ields':admin.util.flatten_fieldsets(self.add_fieldsets),
})
defaults.update(kwargs)
返回超级(UserAdmin,self).get_form(request,obj,**默认值
def get_urls(self):
from django.conf.urls import patterns
return patterns('',
(r'^(\d + )/ password / $',
self.admin_site.admin_view(self.user_change_password))
)+ super(UserAdmin,self).get_urls()
def lookup_allowed ,查找,值):
#参见#20078:我们不希望允许任何涉及密码的查找。
如果lookup.startswith('password'):
return False
返回超级(UserAdmin,self).lookup_allowed(lookup,value)
@sensitive_post_parameters()
@csrf_protect_m
@ transaction.commit_on_success
def add_view(self,request,form_url ='',extra_context = None):
#用户有添加权限的错误但不会更改用户的
#权限。如果我们允许这样的用户添加用户,那么他们
#可以创建超级用户,这意味着他们基本上会有
#的权限来改变用户。为了完全避免这个问题,我们
#不允许用户添加用户,如果他们没有更改
#权限。
如果不是self.has_change_permission(请求):
如果self.has_add_permission(请求)和settings.DEBUG:
#在调试模式下升级Http404,以便用户获得有用的
# 错误信息。
raise Http404(
'您的用户没有更改用户权限,在'
'订单添加用户,Django要求您的用户
'帐户都有
raise PermissionDenied
如果extra_context为None:
extra_context = {}
username_field =
权限设置为$添加用户 self.model._meta.get_field(self.model.USERNAME_FIELD)
defaults = {
'auto_populated_fields':(),
'username_help_text':username_field.help_text,
}
extra_context.update(默认值)
返回超级(UserAdmin,self).add_view(request,form_url,
extra_context)
@sensitive_post_parameters()
def user_change_password(self,request,id,form_url =''):
如果不是self.has_change_permission(请求):
raise PermissionDenied
user = get_object_or_404(self.queryset(request),pk = id)
如果request.method =='POST':
form = self.change_password_form(user,request.POST)
如果form.is_valid():
form.save()
msg = ugettext('密码更改成功')
messages.success(request,msg)
return HttpResponseRedirect('..')
else:
form = self.change_password_form(user)
fieldsets = [(None,{'fields':list(form.base_fields)})]
adminForm = admin.helpers.AdminForm(form,fieldsets,{})
context = {
'title':_('更改密码:%s')%escape(user.get_username()),
'adminForm':adminForm,
'form_url':form_url,
'form':form ,
'is_popup':'_popup'in request.REQUEST,
'add':True,
'change':False,
'has_delete_permission':False,
'has_change_permission':True,
'has_absolute_url':False,
'opts':self.model._meta,
'original':user,
'save_as':False ,
'show_save':True,
}
返回TemplateResponse(请求,
self.change_user_password_template或
'admin / auth / user / change_password.html',
上下文,current_app = self.admin_site.name)
def response_add(self,request,obj,post_url_continue = None):
确定HttpResponse add_view阶段。它主要是以超级类实现
为前提,但是由于用户模型
的工作流程略有不同,因此被定制。
#我们应该允许进一步修改刚刚添加的用户,即
#保存按钮应该像保存并继续编辑
#按钮除外在两种情况下:
#*用户按下保存并添加其他按钮
#*我们正在添加一个弹出式窗口
中的用户,如果'_addanother'不在请求中.POST和'_popup'不在request.POST:
request.POST ['_ continue'] = 1
return super(UserAdmin,self).response_add(request,obj,
post_url_continue)
admin.site.register(User,UserAdmin)
解决方案
错误信息很清楚。
如果您正在装饰一个类方法,请务必使用@method_decorator
在您的情况下,使用 sensitive_p ost_parameters 装饰器应使用 method_decorator 。例如:
from django.utils.decorators import method_decorator
class UserAdmin(admin.ModelAdmin) :
...
@method_decorator(sensitive_post_parameters())
@csrf_protect_m
@ transaction.commit_on_success
def add_view(self,request,form_url = '',extra_context = None):
I have custom user model in my in Django 1.5 app(hosted on webfaction) and I am getting:
AssertionError at /admin/users/user/add/
sensitive_post_parameters didn't receive an HttpRequest. If you are decorating a classmethod, be sure to use @method_decorator.
Locally, it works fine with django runserver command.(Update: It was working locally because I was using Django 1.5.2 locally and I installed Django 1.5.4 on webfaction and this is exception is only raised in 1.5.4)
Any help is appreciated. Thanks
Here is the trace:
Environment:
Request Method: GET
Request URL: http://lts-demo.hashcode.pw/admin/users/user/add/
Django Version: 1.5.4
Python Version: 2.7.5
Installed Applications:
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
'south',
'crumbs',
'compressor',
'apps.users',
'apps.leaves',
'apps.messaging')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware')
Traceback:
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/core/handlers/base.py" in get_response
115. response = callback(request, *callback_args, **callback_kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/contrib/admin/options.py" in wrapper
372. return self.admin_site.admin_view(view)(*args, **kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/utils/decorators.py" in _wrapped_view
91. response = view_func(request, *args, **kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/views/decorators/cache.py" in _wrapped_view_func
89. response = view_func(request, *args, **kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/contrib/admin/sites.py" in inner
202. return view(request, *args, **kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/views/decorators/debug.py" in sensitive_post_parameters_wrapper
68. "sensitive_post_parameters didn't receive an HttpRequest. If you "
Exception Type: AssertionError at /admin/users/user/add/
Exception Value: sensitive_post_parameters didn't receive an HttpRequest. If you are decorating a classmethod, be sure to use @method_decorator.
EDIT: Added models and admin.py
Here is users/models.py
from django.conf import settings
from django.db import models
from django.contrib.auth.models import (AbstractBaseUser,
BaseUserManager,
Group, Permission,
_user_has_module_perms,
_user_has_perm)
from django.utils.translation import ugettext_lazy as _
from django.utils import timezone
from apps.helpers import values_to_choices, choices_to_values
class User(AbstractBaseUser):
username = models.CharField(max_length=128, unique=True)
email = models.CharField(_('email address'), max_length=256, unique=True)
name = models.CharField(max_length=512, blank=True)
mobile_no = models.CharField(_('mobile number'), max_length=10)
department = models.CharField(max_length=512)
post = models.CharField(max_length=512)
posting_location = models.CharField(max_length=512)
district = models.CharField(max_length=16, choices=DISTRICT_CHOICES)
can_recommend_leaves = models.BooleanField(default=True, help_text='Designates whether user can recommend leaves')
can_approve_leaves = models.BooleanField(default=False, help_text='Designates whether user can approve leaves')
is_staff = models.BooleanField(_('staff status'), default=False,
help_text=_('Designates whether the user can log into this admin '
'site.'))
is_active = models.BooleanField(_('active'), default=True,
help_text=_('Designates whether this user should be treated as '
'active. Unselect this instead of deleting accounts.'))
is_superuser = models.BooleanField(_('superuser status'), default=False,
help_text=_('Designates that this user has all permissions without '
'explicitly assigning them.'))
date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
groups = models.ManyToManyField(Group, verbose_name=_('groups'),
related_name='users',
blank=True, help_text=_('The groups this user belongs to. A user will '
'get all permissions granted to each of '
'his/her group.'))
user_permissions = models.ManyToManyField(Permission,
related_name='users',
verbose_name=_('user permissions'), blank=True,
help_text='Specific permissions for this user.')
objects = UserManager()
USERNAME_FIELD = 'username'
REQUIRED_FIELDS = ['email']
class Meta:
verbose_name = _('user')
verbose_name_plural = _('users')
db_table = 'users'
def __unicode__(self):
return "%s - %s(%s)" % (self.name, self.post, self.department)
return self.name or self.username
def get_absolute_url(self):
return "/~%s/" % (self.username)
def get_full_name(self):
return self.name
def get_short_name(self):
"Returns the short name for the user."
return self.name
def get_group_permissions(self, obj=None):
"""
Returns a list of permission strings that this user has through his/her
groups. This method queries all available auth backends. If an object
is passed in, only permissions matching this object are returned.
"""
permissions = set()
for backend in auth.get_backends():
if hasattr(backend, "get_group_permissions"):
if obj is not None:
permissions.update(backend.get_group_permissions(self,
obj))
else:
permissions.update(backend.get_group_permissions(self))
return permissions
def get_all_permissions(self, obj=None):
return _user_get_all_permissions(self, obj)
def has_perm(self, perm, obj=None):
"""
Returns True if the user has the specified permission. This method
queries all available auth backends, but returns immediately if any
backend returns True. Thus, a user who has permission from a single
auth backend is assumed to have permission in general. If an object is
provided, permissions for this specific object are checked.
"""
# Active superusers have all permissions.
if self.is_active and self.is_superuser:
return True
# Otherwise we need to check the backends.
return _user_has_perm(self, perm, obj)
def has_perms(self, perm_list, obj=None):
"""
Returns True if the user has each of the specified permissions. If
object is passed, it checks if the user has all required perms for this
object.
"""
for perm in perm_list:
if not self.has_perm(perm, obj):
return False
return True
def has_module_perms(self, app_label):
"""
Returns True if the user has any permissions in the given app label.
Uses pretty much the same logic as has_perm, above.
"""
# Active superusers have all permissions.
if self.is_active and self.is_superuser:
return True
return _user_has_module_perms(self, app_label)
def email_user(self, subject, message, from_email=None):
"""
Sends an email to this User.
"""
send_mail(subject, message, from_email, [self.email])
Here is users/admin.py
from django.db import transaction
from django.contrib import admin
from django.contrib.auth.forms import (UserCreationForm, UserChangeForm,
AdminPasswordChangeForm)
from django.utils.translation import ugettext, ugettext_lazy as _
from django.views.decorators.debug import sensitive_post_parameters
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_protect
from django.shortcuts import get_object_or_404
from django.utils.html import escape
from django.template.response import TemplateResponse
from django.contrib import messages
from django.http import HttpResponseRedirect, Http404
from .models import User
# Overridden UserChangeForm and UserCreationForm for customized User model
from .forms import UserChangeForm, UserCreationForm
csrf_protect_m = method_decorator(csrf_protect)
class UserAdmin(admin.ModelAdmin):
add_form_template = 'admin/auth/user/add_form.html'
change_user_password_template = None
#fieldsets = (
#(None, {'fields': ('username', 'password')}),
#(_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
#(_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser',
#'groups', 'user_permissions')}),
#(_('Important dates'), {'fields': ('last_login', 'date_joined')}),
#)
add_fieldsets = (
(None, {
'classes': ('wide',),
'fields': ('username', 'password1', 'password2', 'email')}
),
)
form = UserChangeForm
add_form = UserCreationForm
change_password_form = AdminPasswordChangeForm
list_display = ('name', 'username', 'email', 'is_staff')
list_filter = ('is_staff', 'is_superuser', 'is_active', 'groups')
search_fields = ('name', 'username', 'first_name', 'last_name', 'email')
ordering = ('username',)
filter_horizontal = ('groups', 'user_permissions',)
def get_fieldsets(self, request, obj=None):
if not obj:
return self.add_fieldsets
return super(UserAdmin, self).get_fieldsets(request, obj)
def get_form(self, request, obj=None, **kwargs):
"""
Use special form during user creation
"""
defaults = {}
if obj is None:
defaults.update({
'form': self.add_form,
'fields': admin.util.flatten_fieldsets(self.add_fieldsets),
})
defaults.update(kwargs)
return super(UserAdmin, self).get_form(request, obj, **defaults)
def get_urls(self):
from django.conf.urls import patterns
return patterns('',
(r'^(\d+)/password/$',
self.admin_site.admin_view(self.user_change_password))
) + super(UserAdmin, self).get_urls()
def lookup_allowed(self, lookup, value):
# See #20078: we don't want to allow any lookups involving passwords.
if lookup.startswith('password'):
return False
return super(UserAdmin, self).lookup_allowed(lookup, value)
@sensitive_post_parameters()
@csrf_protect_m
@transaction.commit_on_success
def add_view(self, request, form_url='', extra_context=None):
# It's an error for a user to have add permission but NOT change
# permission for users. If we allowed such users to add users, they
# could create superusers, which would mean they would essentially have
# the permission to change users. To avoid the problem entirely, we
# disallow users from adding users if they don't have change
# permission.
if not self.has_change_permission(request):
if self.has_add_permission(request) and settings.DEBUG:
# Raise Http404 in debug mode so that the user gets a helpful
# error message.
raise Http404(
'Your user does not have the "Change user" permission. In '
'order to add users, Django requires that your user '
'account have both the "Add user" and "Change user" '
'permissions set.')
raise PermissionDenied
if extra_context is None:
extra_context = {}
username_field = self.model._meta.get_field(self.model.USERNAME_FIELD)
defaults = {
'auto_populated_fields': (),
'username_help_text': username_field.help_text,
}
extra_context.update(defaults)
return super(UserAdmin, self).add_view(request, form_url,
extra_context)
@sensitive_post_parameters()
def user_change_password(self, request, id, form_url=''):
if not self.has_change_permission(request):
raise PermissionDenied
user = get_object_or_404(self.queryset(request), pk=id)
if request.method == 'POST':
form = self.change_password_form(user, request.POST)
if form.is_valid():
form.save()
msg = ugettext('Password changed successfully.')
messages.success(request, msg)
return HttpResponseRedirect('..')
else:
form = self.change_password_form(user)
fieldsets = [(None, {'fields': list(form.base_fields)})]
adminForm = admin.helpers.AdminForm(form, fieldsets, {})
context = {
'title': _('Change password: %s') % escape(user.get_username()),
'adminForm': adminForm,
'form_url': form_url,
'form': form,
'is_popup': '_popup' in request.REQUEST,
'add': True,
'change': False,
'has_delete_permission': False,
'has_change_permission': True,
'has_absolute_url': False,
'opts': self.model._meta,
'original': user,
'save_as': False,
'show_save': True,
}
return TemplateResponse(request,
self.change_user_password_template or
'admin/auth/user/change_password.html',
context, current_app=self.admin_site.name)
def response_add(self, request, obj, post_url_continue=None):
"""
Determines the HttpResponse for the add_view stage. It mostly defers to
its superclass implementation but is customized because the User model
has a slightly different workflow.
"""
# We should allow further modification of the user just added i.e. the
# 'Save' button should behave like the 'Save and continue editing'
# button except in two scenarios:
# * The user has pressed the 'Save and add another' button
# * We are adding a user in a popup
if '_addanother' not in request.POST and '_popup' not in request.POST:
request.POST['_continue'] = 1
return super(UserAdmin, self).response_add(request, obj,
post_url_continue)
admin.site.register(User, UserAdmin)
解决方案
The error message is pretty clear.
If you are decorating a classmethod, be sure to use @method_decorator.
In your case, any model admin methods that use the sensitive_post_parameters decorator should use method_decorator. For example:
from django.utils.decorators import method_decorator
class UserAdmin(admin.ModelAdmin):
...
@method_decorator(sensitive_post_parameters())
@csrf_protect_m
@transaction.commit_on_success
def add_view(self, request, form_url='', extra_context=None):
这篇关于Django AssertionError“sensitive_post_parameters”没有收到一个HttpRequest“在管理员中添加用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
