django 1.11
django-ckeditor 5.3.1(CKEditor 4.7.3)
前端页面引用了 CKEditor 富文本编辑器,Django 未登录的时候上传文件就会报:"不正确的服务器响应"。
Incorrect Server Response
GET /admin/login/?next=/ckeditor/upload/ HTTP/1.1
从控制台可以看出来,会跳转到 admin 登录页面,也就是需要验证登录才能上传,那怎么才能取消登录验证呢?
..\Lib\site-packages\ckeditor_uploader\urls.py
from __future__ import absolute_import
import django
from django.conf.urls import url
from django.contrib.admin.views.decorators import staff_member_required
from django.views.decorators.cache import never_cache
from . import views
if django.VERSION >= (1, 8):
urlpatterns = [
url(r'^upload/', staff_member_required(views.upload), name='ckeditor_upload'),
# url(r'^upload/', views.upload, name='ckeditor_upload'), # ckeditor 上传文件不验证登录状态
url(r'^browse/', never_cache(staff_member_required(views.browse)), name='ckeditor_browse'),
]
else:
from django.conf.urls import patterns
urlpatterns = patterns(
'',
url(r'^upload/', staff_member_required(views.upload), name='ckeditor_upload'),
url(r'^browse/', never_cache(staff_member_required(views.browse)), name='ckeditor_browse'),
)
在上面第 12 行代码这里可以看到,views.upload 还加一个 staff_member_required 验证,点进去看一下:
..\Lib\site-packages\django\contrib\admin\views\decorators.py
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.decorators import user_passes_test
def staff_member_required(view_func=None, redirect_field_name=REDIRECT_FIELD_NAME,
login_url='admin:login'):
"""
Decorator for views that checks that the user is logged in and is a staff
member, redirecting to the login page if necessary.
"""
actual_decorator = user_passes_test(
lambda u: u.is_active and u.is_staff,
login_url=login_url,
redirect_field_name=redirect_field_name
)
if view_func:
return actual_decorator(view_func)
return actual_decorator
从 staff_member_required 可以看出验证了 lambda u: u.is_active and u.is_staff 状态,所以我们要想去掉 ckeditor 的上传文件的验证,就需要放开登录验证,通过修改 ckeditor 上传路由的那行代码,能关掉登录验证。
..\Lib\site-packages\ckeditor_uploader\urls.py 下把 staff_member_required 去掉:
from django.contrib.admin.views.decorators import staff_member_required
urlpatterns = [
# url(r'^upload/', staff_member_required(views.upload), name='ckeditor_upload'),
url(r'^upload/', views.upload, name='ckeditor_upload'), # ckeditor 上传文件不验证登录状态
url(r'^browse/', never_cache(staff_member_required(views.browse)), name='ckeditor_browse'),
]
也可以自己写一个验证规则,替换掉 staff_member_required。
此函数可以拓展到任何一个路由上,做登录验证,也可以重写 staff_member_required 验证逻辑。
比如,本地的 media 文件需要登录了才能查看
# django 1.11.x
from django.conf.urls import url
from django.views.static import serve
from django.conf import settings
from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth.decorators import login_required
urlpatterns = [
url(r'^media/(?P<path>.*)$', staff_member_required(serve), {"document_root": settings.MEDIA_ROOT}),
]
# ..\Lib\site-packages\django\contrib\auth\decorators.py
def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None):
"""
Decorator for views that checks that the user is logged in, redirecting
to the log-in page if necessary.
"""
actual_decorator = user_passes_test(
lambda u: u.is_authenticated,
login_url=login_url,
redirect_field_name=redirect_field_name
)
if function:
return actual_decorator(function)
return actual_decorator