LoginRequiredMixin doesn't restrict not logged in user.

Sweetbarrow · August 26, 2022, 2:11am

I want to limit access of not logged in user.
So I use LoginRequiredMixin to the class based view inherited ListView.
But, still I can access to the view without log in.
Here is my views.py code

views.py

class WeekScheduleListView(ListView, LoginRequiredMixin):
    model = Schedule
    paginate_by = 10
    template_name = "schedules/branch_schedule_list_week.html"
    login_url = reverse_lazy("users:login")

    def get_dates_of_week(self):
        year = self.kwargs["year"]
        week = self.kwargs["week"]
        dates_of_week = []
        for day in range(1, 8):
            dates_of_week.append(datetime.datetime.fromisocalendar(year, week, day))

        return dates_of_week

    def get_verbose_names(self):
        verbose_names = {}
        fields = self.model._meta.get_fields()
        for field in fields:
            if type(field) != ManyToOneRel:
                verbose_names[field.name] = field.verbose_name

        return verbose_names

    def get_queryset(self):
        object_list = []
        date_list = self.get_dates_of_week()

        if all(e in self.kwargs.keys() for e in ["branch", "year", "week"]):
            queryset = self.model.objects.filter(
                branch=self.kwargs["branch"],
                date__year=self.kwargs["year"],
                date__week=self.kwargs["week"],
            )

            maximum_period = int(
                Timetable.objects.filter(branch=self.kwargs["branch"])
                .order_by("-period")[0]
                .period
            )

            for period in range(1, maximum_period + 1):
                schedule_list = [period]
                schedules = queryset.filter(period=period)
                for date in date_list:
                    day_schedules = schedules.filter(date=date)
                    if len(day_schedules) == 0:
                        schedule_list.append("")
                    else:
                        schedule_list.append(day_schedules)
                object_list.append(schedule_list)

            return object_list
        else:
            return self.model.objects.all()

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        context["page_title"] = "Schedule List"
        context["branch"] = self.kwargs["branch"]
        context["year"] = self.kwargs["year"]
        context["week"] = self.kwargs["week"]
        context["dates_of_week"] = self.get_dates_of_week()
        context["verbose_names"] = self.get_verbose_names()

        return context

I didn’t change any of authentication backend except applying custom AUTH_USER_MODEL and I don’t know how to use it even after I read this

KenWhitesell · August 26, 2022, 2:28am

Due to the Method Resolution Order (MRO) in Python, the mixin classes must be specified before the base class, not after.

Sweetbarrow · August 26, 2022, 2:48am

Oh, it was simple problem.
Thanks.

Topic		Replies	Views
Restricting Views via LoginRequiredMixin and LoginRequiredMiddleware. Using Django	4	1557	December 20, 2021
Switch to toggle `LoginRequiredMixin` on/off Forms & APIs	11	1075	November 12, 2022
Why does LOGIN_REDIRECT_URL not work Mystery Errors	5	892	December 8, 2023
LoginRequiredMixin fired after user_passes_test Using Django	3	901	June 13, 2020
class MyView(MyMixin, FormView): and async Async/Channels	1	249	March 13, 2024

LoginRequiredMixin doesn't restrict not logged in user.

Related Topics