Flimm

Reputation: 151336

How do I disallow comments from anonymous users?

I'm using django-contrib-comments, and I'm wondering how to ban anonymous users from posting comments.

Simply not displaying the form to anonymous users is not enough, since anonymous users can still post requests to the correct URL. It is possible to work out the CSRF token and the security_hash token as well from previous responses, so that's not enough.

Upvotes: 0

Views: 160

Answers (1)

Derek Kwok

Reputation: 13078

If your goal is to disallow anonymous users from posting comments, you can try to override the default supplied URLs. Add login_required to the post_comment view. Do this by modifying urls.py for your Django project:

from django.conf.urls import url, include
from django.contrib.auth.decorators import login_required
from django_comments.views.comments import post_comment

urlpatterns = [
    ...
    # the line below will override the url supplied in django_comments.urls
    url(r'^comments/post/$', login_required(post_comment), name='comments-post-comment'),
    url(r'^comments/', include('django_comments.urls')),
    ...
]

Whenever a request is made to /comments/post/, it will use the login_required version of the view, as the pattern will be matched before the one in django_comments.urls.

Upvotes: 2
