post_new
, post_edit
, post_draft_list
, post_remove
and post_publish
views so that only logged-in users can access them. Django ships with some nice helpers for doing that, called decorators. Don't worry about the technicalities now; you can read up on these later. The decorator we want to use is shipped in Django in the module django.contrib.auth.decorators
and is called login_required
.blog/views.py
and add these lines at the top along with the rest of the imports:post_new
, post_edit
, post_draft_list
, post_remove
and post_publish
views (decorating them) like the following:http://127.0.0.1:8000/post/new/
. Notice the difference?If you just got the empty form, you are probably still logged in from the chapter on the admin-interface. Go tohttp://127.0.0.1:8000/admin/logout/
to log out, then go tohttp://127.0.0.1:8000/post/new
again.
post_edit
, post_remove
, post_draft_list
and post_publish
too.mysite/urls.py
add a url path('accounts/login/', views.LoginView.as_view(), name='login')
. So the file should now look similar to this:blog/templates/registration
and a file inside named login.html
:mysite/settings.py
:blog/templates/blog/base.html
and change it so the part between the <body>
tags looks like this:blog/templates/blog/base.html
like this:mysite/urls.py
pointing to Django's logout view (i.e. django.contrib.auth.views.logout
), like this: