Single object mixins
SingleObjectMixin
class django.views.generic.detail.``SingleObjectMixin
Provides a mechanism for looking up an object associated with the current HTTP request.
Methods and Attributes
model
The model that this view will display data for. Specifying
model = Foo
is effectively the same as specifyingqueryset = Foo.objects.all()
, whereobjects
stands forFoo
’s default manager.queryset
A
QuerySet
that represents the objects. If provided, the value ofqueryset
supersedes the value provided formodel
.Warning
queryset
is a class attribute with a mutable value so care must be taken when using it directly. Before using it, either call itsall()
method or retrieve it withget_queryset()
which takes care of the cloning behind the scenes.slug_field
The name of the field on the model that contains the slug. By default,
slug_field
is'slug'
.slug_url_kwarg
The name of the URLConf keyword argument that contains the slug. By default,
slug_url_kwarg
is'slug'
.pk_url_kwarg
The name of the URLConf keyword argument that contains the primary key. By default,
pk_url_kwarg
is'pk'
.context_object_name
Designates the name of the variable to use in the context.
query_pk_and_slug
If
True
, causesget_object()
to perform its lookup using both the primary key and the slug. Defaults toFalse
.This attribute can help mitigate insecure direct object reference attacks. When applications allow access to individual objects by a sequential primary key, an attacker could brute-force guess all URLs; thereby obtaining a list of all objects in the application. If users with access to individual objects should be prevented from obtaining this list, setting
query_pk_and_slug
toTrue
will help prevent the guessing of URLs as each URL will require two correct, non-sequential arguments. Using a unique slug may serve the same purpose, but this scheme allows you to have non-unique slugs.get_object
(queryset=None)Returns the single object that this view will display. If
queryset
is provided, that queryset will be used as the source of objects; otherwise,get_queryset()
will be used.get_object()
looks for apk_url_kwarg
argument in the arguments to the view; if this argument is found, this method performs a primary-key based lookup using that value. If this argument is not found, it looks for aslug_url_kwarg
argument, and performs a slug lookup using theslug_field
.When
query_pk_and_slug
isTrue
,get_object()
will perform its lookup using both the primary key and the slug.get_queryset
()Returns the queryset that will be used to retrieve the object that this view will display. By default,
get_queryset()
returns the value of thequeryset
attribute if it is set, otherwise it constructs aQuerySet
by calling theall()
method on themodel
attribute’s default manager.get_context_object_name
(obj)Return the context variable name that will be used to contain the data that this view is manipulating. If
context_object_name
is not set, the context name will be constructed from themodel_name
of the model that the queryset is composed from. For example, the modelArticle
would have context object named'article'
.get_context_data
(\*kwargs*)Returns context data for displaying the object.
The base implementation of this method requires that the
self.object
attribute be set by the view (even ifNone
). Be sure to do this if you are using this mixin without one of the built-in views that does so.It returns a dictionary with these contents:
object
: The object that this view is displaying (self.object
).context_object_name
:self.object
will also be stored under the name returned byget_context_object_name()
, which defaults to the lowercased version of the model name.
Context variables override values from template context processors
Any variables from
get_context_data()
take precedence over context variables from context processors. For example, if your view sets themodel
attribute toUser
, the default context object name ofuser
would override theuser
variable from thedjango.contrib.auth.context_processors.auth()
context processor. Useget_context_object_name()
to avoid a clash.get_slug_field
()Returns the name of a slug field to be used to look up by slug. By default this returns the value of
slug_field
.
SingleObjectTemplateResponseMixin
class django.views.generic.detail.``SingleObjectTemplateResponseMixin
A mixin class that performs template-based response rendering for views that operate upon a single object instance. Requires that the view it is mixed with provides self.object
, the object instance that the view is operating on. self.object
will usually be, but is not required to be, an instance of a Django model. It may be None
if the view is in the process of constructing a new instance.
Extends
Methods and Attributes
template_name_field
The field on the current object instance that can be used to determine the name of a candidate template. If either
template_name_field
itself or the value of thetemplate_name_field
on the current object instance isNone
, the object will not be used for a candidate template name.template_name_suffix
The suffix to append to the auto-generated candidate template name. Default suffix is
_detail
.get_template_names
()Returns a list of candidate template names. Returns the following list:
- the value of
template_name
on the view (if provided) - the contents of the
template_name_field
field on the object instance that the view is operating upon (if available) <app_label>/<model_name><template_name_suffix>.html
- the value of