Make readable the post only if the user is staff

Question

I'm developing the backend of my blog and I need to make a difference between the typology of posts: published, future post, draft. For do this I'm started with the indications comes inside my past request:

• Create a restricted area
• Django: put offline a post after an event

After I've realise that all the typology of posts are always online thanks this solution I can put online only the published posts.

In my blog there are two typology of users: is_staff(the default Django typology), is_user(it is inside my registration model). There is another typology that is the anonymous user, the users without any type of registration that arrive on my blog using Google or another solution.

Therefore I've developed a view that show the draft and the future posts only if the user is is_staff but I see the Forbidden error.

def singlePost(request, slug_post, slug_category):
    post_category = get_object_or_404(BlogCategory, slug_category=slug_category)
    post_filter = BlogPost.objects.filter(draft=False, publishing_date__lt=datetime.datetime.now())
    if not request.user.is_authenticated:
         post_filter = BlogPost.objects.filter(draft=False, publishing_date__lt=datetime.datetime.now())
         raise PermissionDenied
    elif request.user.is_user:
         post_filter = BlogPost.objects.filter(draft=False, publishing_date__lt=datetime.datetime.now())
         raise PermissionDenied
    else:
         post_filter = BlogPost.objects.all()
    post_details = get_object_or_404(post_filter, slug_post=slug_post)
    category_post_details = BlogPost.objects.filter(post_category=post_category)
    context = {
        "post_category": post_category,
        "post_details": post_details,
        "category_post_details": category_post_details,
        }
    template = 'blog/reading/single_post.html'
    return render(request, template, context)

How I can solve? Made my personal blog by myself is an opportunity to learn more about Python and Django.

NB: the view works fine in that way

def singlePost(request, slug_post, slug_category):
    post_category = get_object_or_404(BlogCategory, slug_category=slug_category)
    post_details = get_object_or_404(BlogPost, slug_post=slug_post)
    category_post_details = BlogPost.objects.filter(post_category=post_category)
    context = {
        "post_category": post_category,
        "post_details": post_details,
        "category_post_details": category_post_details,
        }
    template = 'blog/reading/single_post.html'
    return render(request, template, context)

NB: That I would like obtain is a backend like Wordpress. With Wordpress you can create a draft or a scheduled post, this type of posts are not online and make readable only to the loggedin users.

Answer 1

Thanks to the indication of @RaideR I've solved my problem.

def singlePost(request, slug_post, slug_category):
    post_category = get_object_or_404(BlogCategory, slug_category=slug_category)
    if not request.user.is_staff:
         post_filter = BlogPost.objects.filter(
                        draft=False,
                        publishing_date__lt=datetime.datetime.now()
                        )
    else:
         post_filter = BlogPost.objects.all()
    post_details = get_object_or_404(post_filter, slug_post=slug_post)
    category_post_details = BlogPost.objects.filter(post_category=post_category)
    context = {
        "post_category": post_category,
        "post_details": post_details,
        "category_post_details": category_post_details,
        }
    template = 'blog/reading/single_post.html'
    return render(request, template, context)