我有一个Django项目,我将用户扩展为使用OneToOneField获取配置文件.我正在使用CBV UpdateView,它允许用户更新他们的个人资料.他们访问的URL是../profile/ user/update.我遇到的问题是,如果用户键入其他用户名,他们可以编辑其他人员个人资料.如何限制UpdateView,以便经过身份验证的用户只能更新其配置文件.我试图做一些事情来确保user.get_username == profile.user但没有运气.
Models.py
from django.db import models
from django.contrib.auth.models import User
from django.db.models.signals import post_save
from django.core.urlresolvers import reverse
class Profile(models.Model):
# This field is required.
SYSTEM_CHOICES = (
('Xbox', 'Xbox'),
('PS4', 'PS4'),
)
system = models.CharField(max_length=5,
choices=SYSTEM_CHOICES,
default='Xbox')
user = models.OneToOneField(User)
slug = models.SlugField(max_length=50)
gamertag = models.CharField("Gamertag", max_length=50, blank=True)
f_name = models.CharField("First Name", max_length=50, blank=True)
l_name = models.CharField("Last Name", max_length=50, blank=True)
twitter = models.CharField("Twitter Handle", max_length=50, blank=True)
video = models.CharField("YouTube URL", max_length=50, default='JhBAc6DYiys', help_text="Only the …