修复普通用户无法进入数据管理的问题
This commit is contained in:
@@ -33,6 +33,7 @@ ALLOWED_HOSTS = os.environ.get('DJANGO_ALLOWED_HOSTS', '127.0.0.1,localhost').sp
|
|||||||
# Application definition
|
# Application definition
|
||||||
|
|
||||||
INSTALLED_APPS = [
|
INSTALLED_APPS = [
|
||||||
|
'django_browser_reload',
|
||||||
'django.contrib.admin',
|
'django.contrib.admin',
|
||||||
'django.contrib.auth',
|
'django.contrib.auth',
|
||||||
'django.contrib.contenttypes',
|
'django.contrib.contenttypes',
|
||||||
@@ -49,6 +50,7 @@ MIDDLEWARE = [
|
|||||||
'django.middleware.security.SecurityMiddleware',
|
'django.middleware.security.SecurityMiddleware',
|
||||||
'whitenoise.middleware.WhiteNoiseMiddleware',
|
'whitenoise.middleware.WhiteNoiseMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
|
'django_browser_reload.middleware.BrowserReloadMiddleware',
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||||||
|
|||||||
@@ -21,6 +21,7 @@ from django.conf.urls.static import static
|
|||||||
from main.views import home as main_home
|
from main.views import home as main_home
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
|
path("__reload__/", include("django_browser_reload.urls")),
|
||||||
path('admin/', admin.site.urls),
|
path('admin/', admin.site.urls),
|
||||||
path('accounts/', include('accounts.urls', namespace='accounts')),
|
path('accounts/', include('accounts.urls', namespace='accounts')),
|
||||||
path('main/', include('main.urls', namespace='main')),
|
path('main/', include('main.urls', namespace='main')),
|
||||||
|
|||||||
BIN
db.sqlite3
BIN
db.sqlite3
Binary file not shown.
@@ -275,7 +275,7 @@
|
|||||||
<th>ID</th>
|
<th>ID</th>
|
||||||
<th>图片</th>
|
<th>图片</th>
|
||||||
<th>数据</th>
|
<th>数据</th>
|
||||||
<th>作者</th>
|
<th>录入人</th>
|
||||||
<th>操作</th>
|
<th>操作</th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
|
|||||||
@@ -491,13 +491,32 @@ def manage_page(request):
|
|||||||
from django.shortcuts import redirect
|
from django.shortcuts import redirect
|
||||||
return redirect("/accounts/login/")
|
return redirect("/accounts/login/")
|
||||||
|
|
||||||
if int(request.session.get("permission", 1)) != 0:
|
is_admin = int(request.session.get("permission", 1)) == 0
|
||||||
from django.shortcuts import redirect
|
if is_admin:
|
||||||
return redirect("/main/home/")
|
raw_results = search_all()
|
||||||
raw_results = search_all()
|
else:
|
||||||
# if not is_admin:
|
uid = str(session_user_id)
|
||||||
# uid = str(session_user_id)
|
raw_results = [r for r in search_all() if str(r.get("writer_id", "")) == uid]
|
||||||
# raw_results = [r for r in raw_results if str(r.get("writer_id", "")) == uid]
|
|
||||||
|
results = []
|
||||||
|
for r in raw_results:
|
||||||
|
try:
|
||||||
|
r_data = string_to_json(r.get("data", "{}"))
|
||||||
|
r_data["_id"] = r["id"]
|
||||||
|
r_data["_image"] = r.get("image", "")
|
||||||
|
results.append(r_data)
|
||||||
|
except Exception:
|
||||||
|
pass
|
||||||
|
|
||||||
|
return render(
|
||||||
|
request,
|
||||||
|
"elastic/manage.html",
|
||||||
|
{
|
||||||
|
"results": results,
|
||||||
|
"is_admin": is_admin,
|
||||||
|
"user_id": session_user_id,
|
||||||
|
},
|
||||||
|
)
|
||||||
# 规范化键,避免模板点号访问下划线前缀字段
|
# 规范化键,避免模板点号访问下划线前缀字段
|
||||||
results = []
|
results = []
|
||||||
for r in raw_results:
|
for r in raw_results:
|
||||||
|
|||||||
Reference in New Issue
Block a user