From bc428552a51ec3392b9cc297b71cb3bcc1e7afd9 Mon Sep 17 00:00:00 2001 From: Jukoga Date: Wed, 17 Jul 2024 12:39:00 +0200 Subject: [PATCH 1/2] blog/create is now just accessible if you have the staff flag --- blog/views.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/blog/views.py b/blog/views.py index 18ae431..b3fa681 100644 --- a/blog/views.py +++ b/blog/views.py @@ -1,7 +1,10 @@ +from django.db.models import QuerySet from django.shortcuts import render from django.contrib.auth.mixins import * from django.views.generic import * from .models import * +from django.contrib.admin.views.decorators import staff_member_required +from django.utils.decorators import method_decorator # Create your views here. @@ -34,7 +37,7 @@ def news(request): ordering = (ordering,) queryset = queryset.order_by(*ordering) - return render(request, 'blog/home.html', { context_object_name: queryset, 'topics': ['No Updates...'] }) + return render(request, 'blog/home.html', {context_object_name: queryset, 'topics': ['No Updates...']}) class BlogDetailView(DetailView): @@ -42,6 +45,7 @@ class BlogDetailView(DetailView): template_name = 'blog/blogDetail.html' +@method_decorator(staff_member_required, name='dispatch') class BlogCreateView(LoginRequiredMixin, CreateView): model = Blog template_name = 'blog/blogCreate.html' @@ -55,8 +59,10 @@ class BlogCreateView(LoginRequiredMixin, CreateView): def dev(request): return render(request, 'dev.html', {'title': 'Development'}) + def support(request): return render(request, 'support.html', {'title': 'Support Us'}) + def home(request): - return render(request, 'index.html', {'title': 'Home'}) \ No newline at end of file + return render(request, 'index.html', {'title': 'Home'}) From 3eed3e280d1456ddb55b766174a9f507e8b0d7f6 Mon Sep 17 00:00:00 2001 From: Surya Date: Wed, 24 Jul 2024 22:27:33 +0200 Subject: [PATCH 2/2] Made the `SECRET` secret Made the `SECRET KEY` secret by using .env --- BH/settings.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/BH/settings.py b/BH/settings.py index b99189e..a1c5141 100644 --- a/BH/settings.py +++ b/BH/settings.py @@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/3.0/ref/settings/ """ import os +from dotenv import load_dotenv # Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) @@ -19,13 +20,16 @@ TEMPLATES_DIR = os.path.join(BASE_DIR + '/templates') # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/ +# Load the Env +load_dotenv() + # SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = '!2g)+m+_h9fq9%il5+t5#qnj^9502or6$=2!$==v=i2*c#7q*m' +SECRET_KEY = os.getenv('SECRET_KEY') # SECURITY WARNING: don't run with debug turned on in production! -DEBUG = True +DEBUG = False -ALLOWED_HOSTS = [] +ALLOWED_HOSTS = ['localhost', '127.0.0.1'] # Application definition