Django AssertionError "sensitive_post_parameters didn't receive an HttpRequest" when adding a user in the admin

2024-04-20

I have a custom user model in my Django 1.5 application (hosted on webfaction), and I get:

AssertionError at /admin/users/user/add/

sensitive_post_parameters didn't receive an HttpRequest. If you are decorating a classmethod, be sure to use @method_decorator.

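Locally, it works fine with Django's runserver command. (Update: it works locally because I use Django 1.5.2 locally and have Django 1.5.4 installed on webfaction; this exception is only raised in 1.5.4.)

Any help is appreciated. Thanks.

Here is the traceback: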

Environment:


Request Method: GET
Request URL: http://lts-demo.hashcode.pw/admin/users/user/add/

Django Version: 1.5.4
Python Version: 2.7.5
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'south',
 'crumbs',
 'compressor',
 'apps.users',
 'apps.leaves',
 'apps.messaging')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')


Traceback:
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/core/handlers/base.py" in get_response
  115.                         response = callback(request, *callback_args, **callback_kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/contrib/admin/options.py" in wrapper
  372.                 return self.admin_site.admin_view(view)(*args, **kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/utils/decorators.py" in _wrapped_view
  91.                     response = view_func(request, *args, **kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/views/decorators/cache.py" in _wrapped_view_func
  89.         response = view_func(request, *args, **kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/contrib/admin/sites.py" in inner
  202.             return view(request, *args, **kwargs)
File "/home/mnazim/webapps/dcleh_lts/lib/python2.7/django/views/decorators/debug.py" in sensitive_post_parameters_wrapper
  68.               "sensitive_post_parameters didn't receive an HttpRequest. If you "

Exception Type: AssertionError at /admin/users/user/add/
Exception Value: sensitive_post_parameters didn't receive an HttpRequest. If you are decorating a classmethod, be sure to use @method_decorator.

Edit: added models and admin.py

Here is users/models.py

from django.conf import settings
from django.contrib import auth
from django.core.mail import send_mail
from django.db import models
from django.contrib.auth.models import (AbstractBaseUser,
                                        BaseUserManager,
                                        Group, Permission,
                                        _user_get_all_permissions,
                                        _user_has_module_perms,
                                        _user_has_perm)
from django.utils.translation import ugettext_lazy as _
from django.utils import timezone

from apps.helpers import values_to_choices, choices_to_values

class User(AbstractBaseUser):
    username = models.CharField(max_length=128, unique=True)
    email = models.CharField(_('email address'), max_length=256, unique=True)
    name = models.CharField(max_length=512, blank=True)
    mobile_no = models.CharField(_('mobile number'), max_length=10)

    department = models.CharField(max_length=512)
    post = models.CharField(max_length=512)
    posting_location = models.CharField(max_length=512)
    district = models.CharField(max_length=16, choices=DISTRICT_CHOICES)

    can_recommend_leaves = models.BooleanField(default=True, help_text='Designates whether user can recommend leaves')
    can_approve_leaves = models.BooleanField(default=False, help_text='Designates whether user can approve leaves')

    is_staff = models.BooleanField(_('staff status'), default=False,
        help_text=_('Designates whether the user can log into this admin '
                    'site.'))
    is_active = models.BooleanField(_('active'), default=True,
        help_text=_('Designates whether this user should be treated as '
                    'active. Unselect this instead of deleting accounts.'))
    is_superuser = models.BooleanField(_('superuser status'), default=False,
        help_text=_('Designates that this user has all permissions without '
                    'explicitly assigning them.'))
    date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
    groups = models.ManyToManyField(Group, verbose_name=_('groups'), 
        related_name='users',
        blank=True, help_text=_('The groups this user belongs to. A user will '
                                'get all permissions granted to each of '
                                'his/her group.'))
    user_permissions = models.ManyToManyField(Permission,
        related_name='users',
        verbose_name=_('user permissions'), blank=True,
        help_text='Specific permissions for this user.')

    objects = UserManager()

    USERNAME_FIELD = 'username'
    REQUIRED_FIELDS = ['email']

    class Meta:
        verbose_name = _('user')
        verbose_name_plural = _('users')
        db_table = 'users'

    def __unicode__(self):
        return "%s - %s(%s)" % (self.name, self.post, self.department)
        return self.name or self.username

    def get_absolute_url(self):
        return "/~%s/" % (self.username)

    def get_full_name(self):
        return self.name

    def get_short_name(self):
        "Returns the short name for the user."
        return self.name

    def get_group_permissions(self, obj=None):
        """
        Returns a list of permission strings that this user has through his/her
        groups. This method queries all available auth backends. If an object
        is passed in, only permissions matching this object are returned.
        """
        permissions = set()
        for backend in auth.get_backends():
            if hasattr(backend, "get_group_permissions"):
                if obj is not None:
                    permissions.update(backend.get_group_permissions(self,
                                                                     obj))
                else:
                    permissions.update(backend.get_group_permissions(self))
        return permissions

    def get_all_permissions(self, obj=None):
        return _user_get_all_permissions(self, obj)

    def has_perm(self, perm, obj=None):
        """
        Returns True if the user has the specified permission. This method
        queries all available auth backends, but returns immediately if any
        backend returns True. Thus, a user who has permission from a single
        auth backend is assumed to have permission in general. If an object is
        provided, permissions for this specific object are checked.
        """

        # Active superusers have all permissions.
        if self.is_active and self.is_superuser:
            return True

        # Otherwise we need to check the backends.
        return _user_has_perm(self, perm, obj)

    def has_perms(self, perm_list, obj=None):
        """
        Returns True if the user has each of the specified permissions. If
        object is passed, it checks if the user has all required perms for this
        object.
        """
        for perm in perm_list:
            if not self.has_perm(perm, obj):
                return False
        return True

    def has_module_perms(self, app_label):
        """
        Returns True if the user has any permissions in the given app label.
        Uses pretty much the same logic as has_perm, above.
        """
        # Active superusers have all permissions.
        if self.is_active and self.is_superuser:
            return True

        return _user_has_module_perms(self, app_label)

    def email_user(self, subject, message, from_email=None):
        """
        Sends an email to this User.
        """
        send_mail(subject, message, from_email, [self.email])

Here is users/admin.py

from django.db import transaction
from django.contrib import admin
from django.contrib.auth.forms import (UserCreationForm, UserChangeForm,
    AdminPasswordChangeForm)
from django.utils.translation import ugettext, ugettext_lazy as _
from django.views.decorators.debug import sensitive_post_parameters
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_protect
from django.shortcuts import get_object_or_404
from django.utils.html import escape
from django.template.response import TemplateResponse
from django.contrib import messages
from django.conf import settings
from django.core.exceptions import PermissionDenied
from django.http import HttpResponseRedirect, Http404

from .models import User
# Overridden UserChangeForm and UserCreationForm for customized User model
from .forms import UserChangeForm, UserCreationForm

csrf_protect_m = method_decorator(csrf_protect)


class UserAdmin(admin.ModelAdmin):
    add_form_template = 'admin/auth/user/add_form.html'
    change_user_password_template = None
    #fieldsets = (
        #(None, {'fields': ('username', 'password')}),
        #(_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
        #(_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser',
                                       #'groups', 'user_permissions')}),
        #(_('Important dates'), {'fields': ('last_login', 'date_joined')}),
    #)
    add_fieldsets = (
        (None, {
            'classes': ('wide',),
            'fields': ('username', 'password1', 'password2', 'email')}
        ),
    )
    form = UserChangeForm
    add_form = UserCreationForm
    change_password_form = AdminPasswordChangeForm
    list_display = ('name', 'username', 'email', 'is_staff')
    list_filter = ('is_staff', 'is_superuser', 'is_active', 'groups')
    search_fields = ('name', 'username', 'first_name', 'last_name', 'email')
    ordering = ('username',)
    filter_horizontal = ('groups', 'user_permissions',)

    def get_fieldsets(self, request, obj=None):
        if not obj:
            return self.add_fieldsets
        return super(UserAdmin, self).get_fieldsets(request, obj)

    def get_form(self, request, obj=None, **kwargs):
        """
        Use special form during user creation
        """
        defaults = {}
        if obj is None:
            defaults.update({
                'form': self.add_form,
                'fields': admin.util.flatten_fieldsets(self.add_fieldsets),
            })
        defaults.update(kwargs)
        return super(UserAdmin, self).get_form(request, obj, **defaults)

    def get_urls(self):
        from django.conf.urls import patterns
        return patterns('',
            (r'^(\d+)/password/$',
             self.admin_site.admin_view(self.user_change_password))
        ) + super(UserAdmin, self).get_urls()

    def lookup_allowed(self, lookup, value):
        # See #20078: we don't want to allow any lookups involving passwords.
        if lookup.startswith('password'):
            return False
        return super(UserAdmin, self).lookup_allowed(lookup, value)

    @sensitive_post_parameters()
    @csrf_protect_m
    @transaction.commit_on_success
    def add_view(self, request, form_url='', extra_context=None):
        # It's an error for a user to have add permission but NOT change
        # permission for users. If we allowed such users to add users, they
        # could create superusers, which would mean they would essentially have
        # the permission to change users. To avoid the problem entirely, we
        # disallow users from adding users if they don't have change
        # permission.
        if not self.has_change_permission(request):
            if self.has_add_permission(request) and settings.DEBUG:
                # Raise Http404 in debug mode so that the user gets a helpful
                # error message.
                raise Http404(
                    'Your user does not have the "Change user" permission. In '
                    'order to add users, Django requires that your user '
                    'account have both the "Add user" and "Change user" '
                    'permissions set.')
            raise PermissionDenied
        if extra_context is None:
            extra_context = {}
        username_field = self.model._meta.get_field(self.model.USERNAME_FIELD)
        defaults = {
            'auto_populated_fields': (),
            'username_help_text': username_field.help_text,
        }
        extra_context.update(defaults)
        return super(UserAdmin, self).add_view(request, form_url,
                                               extra_context)

    @sensitive_post_parameters()
    def user_change_password(self, request, id, form_url=''):
        if not self.has_change_permission(request):
            raise PermissionDenied
        user = get_object_or_404(self.queryset(request), pk=id)
        if request.method == 'POST':
            form = self.change_password_form(user, request.POST)
            if form.is_valid():
                form.save()
                msg = ugettext('Password changed successfully.')
                messages.success(request, msg)
                return HttpResponseRedirect('..')
        else:
            form = self.change_password_form(user)

        fieldsets = [(None, {'fields': list(form.base_fields)})]
        adminForm = admin.helpers.AdminForm(form, fieldsets, {})

        context = {
            'title': _('Change password: %s') % escape(user.get_username()),
            'adminForm': adminForm,
            'form_url': form_url,
            'form': form,
            'is_popup': '_popup' in request.REQUEST,
            'add': True,
            'change': False,
            'has_delete_permission': False,
            'has_change_permission': True,
            'has_absolute_url': False,
            'opts': self.model._meta,
            'original': user,
            'save_as': False,
            'show_save': True,
        }
        return TemplateResponse(request,
            self.change_user_password_template or
            'admin/auth/user/change_password.html',
            context, current_app=self.admin_site.name)

    def response_add(self, request, obj, post_url_continue=None):
        """
        Determines the HttpResponse for the add_view stage. It mostly defers to
        its superclass implementation but is customized because the User model
        has a slightly different workflow.
        """
        # We should allow further modification of the user just added i.e. the
        # 'Save' button should behave like the 'Save and continue editing'
        # button except in two scenarios:
        # * The user has pressed the 'Save and add another' button
        # * We are adding a user in a popup
        if '_addanother' not in request.POST and '_popup' not in request.POST:
            request.POST['_continue'] = 1
        return super(UserAdmin, self).response_add(request, obj,
                                                   post_url_continue)

admin.site.register(User, UserAdmin)

The error message is pretty clear.

If you are decorating a classmethod, be sure to use @method_decorator.

In your case, any model admin methods that use the sensitive_post_parameters decorator should use method_decorator https://docs.djangoproject.com/en/1.5/ref/utils/#django.utils.decorators.method_decorator. For example:

from django.utils.decorators import method_decorator
from django.views.decorators.debug import sensitive_post_parameters

class UserAdmin(admin.ModelAdmin):
    ...

    @method_decorator(sensitive_post_parameters())
    @csrf_protect_m
    @transaction.commit_on_success
    def add_view(self, request, form_url='', extra_context=None):
        ...
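
Why the assertion fires on a method and why method_decorator resolves it, as an added example that is not part of the original answer and not Django's own code. HttpRequest, sensitive_post_parameters and method_decorator below are simplified stand-ins (assumptions) so the block runs without Django; BrokenAdmin, FixedAdmin, call and demo are hypothetical names.

```python
import functools

class HttpRequest(object):
    """Stand-in for django.http.HttpRequest (assumption: only POST is modelled)."""
    def __init__(self, post):
        self.POST = post

def sensitive_post_parameters(*parameters):
    """Simplified model of the decorator: checks its first argument, tags the request."""
    def decorator(view):
        @functools.wraps(view)
        def wrapper(request, *args, **kwargs):
            assert isinstance(request, HttpRequest), (
                "sensitive_post_parameters didn't receive an HttpRequest.")
            # Error reporting reads this attribute to decide which POST values to hide.
            request.sensitive_post_parameters = parameters or "__ALL__"
            return view(request, *args, **kwargs)
        return wrapper
    return decorator

def method_decorator(decorator):
    """Simplified adapter: binds `self` first so the decorator sees the request."""
    def adapt(method):
        @functools.wraps(method)
        def wrapper(self, *args, **kwargs):
            bound = functools.partial(method, self)
            return decorator(bound)(*args, **kwargs)
        return wrapper
    return adapt

class BrokenAdmin(object):
    @sensitive_post_parameters()  # first positional argument will be the admin instance
    def add_view(self, request):
        return "form"

class FixedAdmin(object):
    @method_decorator(sensitive_post_parameters())
    def add_view(self, request):
        return "form"

def call(admin, request):
    """Return (result, error message, tag left on the request)."""
    try:
        result, error = admin.add_view(request), None
    except AssertionError as exc:
        result, error = None, str(exc)
    return result, error, getattr(request, "sensitive_post_parameters", None)

def demo():
    post = {"password1": "constructed-sample"}  # constructed input
    return call(BrokenAdmin(), HttpRequest(post)), call(FixedAdmin(), HttpRequest(post))
```

In the broken case the request is never tagged, so the password fields would not be marked for filtering even if the view ran; the assertion turns that silent gap into a visible failure.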