2012-06-11 10:34:00 +02:00
|
|
|
|
====================
|
|
|
|
|
Single object mixins
|
|
|
|
|
====================
|
|
|
|
|
|
2016-01-24 22:26:11 +01:00
|
|
|
|
``SingleObjectMixin``
|
|
|
|
|
=====================
|
2012-08-11 08:07:15 +02:00
|
|
|
|
|
2012-06-11 10:34:00 +02:00
|
|
|
|
.. class:: django.views.generic.detail.SingleObjectMixin
|
|
|
|
|
|
|
|
|
|
Provides a mechanism for looking up an object associated with the
|
|
|
|
|
current HTTP request.
|
|
|
|
|
|
|
|
|
|
**Methods and Attributes**
|
|
|
|
|
|
|
|
|
|
.. attribute:: model
|
|
|
|
|
|
|
|
|
|
The model that this view will display data for. Specifying ``model
|
|
|
|
|
= Foo`` is effectively the same as specifying ``queryset =
|
2014-10-05 03:09:32 +02:00
|
|
|
|
Foo.objects.all()``, where ``objects`` stands for ``Foo``’s
|
|
|
|
|
:ref:`default manager <default-managers>`.
|
2012-06-11 10:34:00 +02:00
|
|
|
|
|
|
|
|
|
.. attribute:: queryset
|
|
|
|
|
|
|
|
|
|
A ``QuerySet`` that represents the objects. If provided, the value of
|
2013-01-01 14:12:42 +01:00
|
|
|
|
``queryset`` supersedes the value provided for :attr:`model`.
|
2012-06-11 10:34:00 +02:00
|
|
|
|
|
2013-08-09 12:31:17 +02:00
|
|
|
|
.. warning::
|
|
|
|
|
|
|
|
|
|
``queryset`` is a class attribute with a *mutable* value so care
|
|
|
|
|
must be taken when using it directly. Before using it, either call
|
|
|
|
|
its :meth:`~django.db.models.query.QuerySet.all` method or
|
|
|
|
|
retrieve it with :meth:`get_queryset` which takes care of the
|
|
|
|
|
cloning behind the scenes.
|
|
|
|
|
|
2012-06-11 10:34:00 +02:00
|
|
|
|
.. attribute:: slug_field
|
|
|
|
|
|
|
|
|
|
The name of the field on the model that contains the slug. By default,
|
|
|
|
|
``slug_field`` is ``'slug'``.
|
|
|
|
|
|
|
|
|
|
.. attribute:: slug_url_kwarg
|
|
|
|
|
|
|
|
|
|
The name of the URLConf keyword argument that contains the slug. By
|
|
|
|
|
default, ``slug_url_kwarg`` is ``'slug'``.
|
|
|
|
|
|
|
|
|
|
.. attribute:: pk_url_kwarg
|
|
|
|
|
|
|
|
|
|
The name of the URLConf keyword argument that contains the primary key.
|
|
|
|
|
By default, ``pk_url_kwarg`` is ``'pk'``.
|
|
|
|
|
|
|
|
|
|
.. attribute:: context_object_name
|
|
|
|
|
|
|
|
|
|
Designates the name of the variable to use in the context.
|
|
|
|
|
|
2014-09-13 03:23:35 +02:00
|
|
|
|
.. attribute:: query_pk_and_slug
|
|
|
|
|
|
|
|
|
|
If ``True``, causes :meth:`get_object()` to perform its lookup using
|
|
|
|
|
both the primary key and the slug. Defaults to ``False``.
|
|
|
|
|
|
|
|
|
|
This attribute can help mitigate `insecure direct object reference`_
|
|
|
|
|
attacks. When applications allow access to individual objects by a
|
|
|
|
|
sequential primary key, an attacker could brute-force guess all URLs;
|
|
|
|
|
thereby obtaining a list of all objects in the application. If users
|
|
|
|
|
with access to individual objects should be prevented from obtaining
|
|
|
|
|
this list, setting ``query_pk_and_slug`` to ``True`` will help prevent
|
|
|
|
|
the guessing of URLs as each URL will require two correct,
|
2019-06-17 16:54:55 +02:00
|
|
|
|
non-sequential arguments. Using a unique slug may serve the same
|
2014-09-13 03:23:35 +02:00
|
|
|
|
purpose, but this scheme allows you to have non-unique slugs.
|
|
|
|
|
|
2020-06-15 09:44:08 +02:00
|
|
|
|
.. _insecure direct object reference: https://wiki.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
|
2014-09-13 03:23:35 +02:00
|
|
|
|
|
2012-06-11 10:34:00 +02:00
|
|
|
|
.. method:: get_object(queryset=None)
|
|
|
|
|
|
2014-09-13 03:23:35 +02:00
|
|
|
|
Returns the single object that this view will display. If ``queryset``
|
|
|
|
|
is provided, that queryset will be used as the source of objects;
|
|
|
|
|
otherwise, :meth:`get_queryset` will be used. ``get_object()`` looks
|
|
|
|
|
for a :attr:`pk_url_kwarg` argument in the arguments to the view; if
|
|
|
|
|
this argument is found, this method performs a primary-key based lookup
|
|
|
|
|
using that value. If this argument is not found, it looks for a
|
|
|
|
|
:attr:`slug_url_kwarg` argument, and performs a slug lookup using the
|
|
|
|
|
:attr:`slug_field`.
|
|
|
|
|
|
2015-09-12 22:27:30 +02:00
|
|
|
|
When :attr:`query_pk_and_slug` is ``True``, ``get_object()`` will
|
|
|
|
|
perform its lookup using both the primary key and the slug.
|
2012-06-11 10:34:00 +02:00
|
|
|
|
|
|
|
|
|
.. method:: get_queryset()
|
|
|
|
|
|
|
|
|
|
Returns the queryset that will be used to retrieve the object that
|
2013-01-01 14:12:42 +01:00
|
|
|
|
this view will display. By default, :meth:`get_queryset` returns the
|
|
|
|
|
value of the :attr:`queryset` attribute if it is set, otherwise
|
|
|
|
|
it constructs a :class:`~django.db.models.query.QuerySet` by calling
|
2013-03-22 10:50:45 +01:00
|
|
|
|
the ``all()`` method on the :attr:`model` attribute's default manager.
|
2012-06-11 10:34:00 +02:00
|
|
|
|
|
|
|
|
|
.. method:: get_context_object_name(obj)
|
|
|
|
|
|
|
|
|
|
Return the context variable name that will be used to contain the
|
2013-01-01 14:12:42 +01:00
|
|
|
|
data that this view is manipulating. If :attr:`context_object_name` is
|
2014-02-22 17:54:32 +01:00
|
|
|
|
not set, the context name will be constructed from the ``model_name``
|
2013-01-01 14:12:42 +01:00
|
|
|
|
of the model that the queryset is composed from. For example, the model
|
|
|
|
|
``Article`` would have context object named ``'article'``.
|
2012-06-11 10:34:00 +02:00
|
|
|
|
|
|
|
|
|
.. method:: get_context_data(**kwargs)
|
|
|
|
|
|
2017-06-06 17:24:44 +02:00
|
|
|
|
Returns context data for displaying the object.
|
2012-06-11 10:34:00 +02:00
|
|
|
|
|
2015-10-21 10:28:22 +02:00
|
|
|
|
The base implementation of this method requires that the ``self.object``
|
2014-08-19 18:06:07 +02:00
|
|
|
|
attribute be set by the view (even if ``None``). Be sure to do this if
|
|
|
|
|
you are using this mixin without one of the built-in views that does so.
|
|
|
|
|
|
2015-10-21 10:28:22 +02:00
|
|
|
|
It returns a dictionary with these contents:
|
|
|
|
|
|
|
|
|
|
* ``object``: The object that this view is displaying
|
|
|
|
|
(``self.object``).
|
|
|
|
|
* ``context_object_name``: ``self.object`` will also be stored under
|
|
|
|
|
the name returned by :meth:`get_context_object_name`, which defaults
|
|
|
|
|
to the lowercased version of the model name.
|
|
|
|
|
|
|
|
|
|
.. admonition:: Context variables override values from template context processors
|
|
|
|
|
|
|
|
|
|
Any variables from :meth:`get_context_data` take precedence over
|
|
|
|
|
context variables from :ref:`context processors
|
|
|
|
|
<subclassing-context-requestcontext>`. For example, if your view
|
|
|
|
|
sets the :attr:`model` attribute to
|
|
|
|
|
:class:`~django.contrib.auth.models.User`, the default context
|
|
|
|
|
object name of ``user`` would override the ``user`` variable from
|
|
|
|
|
the :func:`django.contrib.auth.context_processors.auth` context
|
|
|
|
|
processor. Use :meth:`get_context_object_name` to avoid a clash.
|
|
|
|
|
|
2013-01-01 14:12:42 +01:00
|
|
|
|
.. method:: get_slug_field()
|
|
|
|
|
|
|
|
|
|
Returns the name of a slug field to be used to look up by slug. By
|
2019-06-17 16:54:55 +02:00
|
|
|
|
default this returns the value of :attr:`slug_field`.
|
2013-01-01 14:12:42 +01:00
|
|
|
|
|
2012-06-11 10:34:00 +02:00
|
|
|
|
|
2016-01-24 22:26:11 +01:00
|
|
|
|
``SingleObjectTemplateResponseMixin``
|
|
|
|
|
=====================================
|
2012-08-11 08:07:15 +02:00
|
|
|
|
|
2012-06-11 10:34:00 +02:00
|
|
|
|
.. class:: django.views.generic.detail.SingleObjectTemplateResponseMixin
|
|
|
|
|
|
|
|
|
|
A mixin class that performs template-based response rendering for views
|
|
|
|
|
that operate upon a single object instance. Requires that the view it is
|
|
|
|
|
mixed with provides ``self.object``, the object instance that the view is
|
|
|
|
|
operating on. ``self.object`` will usually be, but is not required to be,
|
|
|
|
|
an instance of a Django model. It may be ``None`` if the view is in the
|
|
|
|
|
process of constructing a new instance.
|
|
|
|
|
|
|
|
|
|
**Extends**
|
|
|
|
|
|
|
|
|
|
* :class:`~django.views.generic.base.TemplateResponseMixin`
|
|
|
|
|
|
|
|
|
|
**Methods and Attributes**
|
|
|
|
|
|
|
|
|
|
.. attribute:: template_name_field
|
|
|
|
|
|
|
|
|
|
The field on the current object instance that can be used to determine
|
|
|
|
|
the name of a candidate template. If either ``template_name_field``
|
|
|
|
|
itself or the value of the ``template_name_field`` on the current
|
|
|
|
|
object instance is ``None``, the object will not be used for a
|
|
|
|
|
candidate template name.
|
|
|
|
|
|
|
|
|
|
.. attribute:: template_name_suffix
|
|
|
|
|
|
|
|
|
|
The suffix to append to the auto-generated candidate template name.
|
|
|
|
|
Default suffix is ``_detail``.
|
|
|
|
|
|
|
|
|
|
.. method:: get_template_names()
|
|
|
|
|
|
|
|
|
|
Returns a list of candidate template names. Returns the following list:
|
|
|
|
|
|
|
|
|
|
* the value of ``template_name`` on the view (if provided)
|
|
|
|
|
* the contents of the ``template_name_field`` field on the
|
|
|
|
|
object instance that the view is operating upon (if available)
|
2014-02-22 17:54:32 +01:00
|
|
|
|
* ``<app_label>/<model_name><template_name_suffix>.html``
|