Modified files
app/views.py
---
+++
@@ -1,3 +1,6 @@
+from typing import Any
+
+from django.db.models.query import QuerySet
from django.forms.models import BaseModelForm
from django.http import HttpResponse
from django.shortcuts import render
@@ -8,17 +11,21 @@
UpdateView,
DeleteView
)
+from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from app.models import Article
-class ArticleListView(ListView):
+class ArticleListView(LoginRequiredMixin, ListView):
template_name = "app/home.html"
model = Article
context_object_name = "articles"
+ def get_queryset(self) -> QuerySet[Any]:
+ return Article.objects.filter(creator=self.request.user).order_by("-created_at")
-class ArticleCreateView(CreateView):
+
+class ArticleCreateView(LoginRequiredMixin, CreateView):
template_name = "app/article_create.html"
model = Article
fields = ["title", "status", "content", "twitter_post"]
@@ -29,16 +36,22 @@
return super().form_valid(form)
-class ArticleUpdateView(UpdateView):
+class ArticleUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
template_name = "app/article_update.html"
model = Article
fields = ["title", "status", "content", "twitter_post"]
success_url = reverse_lazy("home")
context_object_name = "article"
+ def test_func(self) -> bool | None:
+ return self.request.user == self.get_object().creator
-class ArticleDeleteView(DeleteView):
+
+class ArticleDeleteView(LoginRequiredMixin, UserPassesTestMixin, DeleteView):
template_name = "app/article_delete.html"
model = Article
success_url = reverse_lazy("home")
- context_object_name = "article"+ context_object_name = "article"
+
+ def test_func(self) -> bool | None:
+ return self.request.user == self.get_object().creator