def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponseRedirect:
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
if user is None:
messages.error(request, _('No user account matches the entered credentials.'))
return redirect('backoffice:login')
if not user.is_active:
messages.error(request, _('User account is deactivated.'))
return redirect('backoffice:login')
if not is_backoffice_user(user):
messages.error(request, _('User does not have permission to access backoffice data.'))
return redirect('backoffice:login')
login(request, user)
url = request.GET.get('next')
if url and is_safe_url(url, request.get_host()):
return redirect(url)
return redirect('backoffice:main')
评论列表
文章目录
