getting 403 Forbidden for every update of a post in django

Question

i am trying to add an updateView using class based view to my blog_post whenever i hop in to any post-detail and to the update url like is http://127.0.0.1:8000/pages/blog/15/update/ i get a 403 Forbidden error in which i only want each user to update their blogpost which they wont be able to update other user blogpost so but so i decided to use UserPassesTestMixin which would require tesc_func but my tesc_func is not applying what i asked for tho i am using CustomUser model so i dont know if that will change the way i will write in my tesc_func here is my code,

views.py

class BlogUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
    model = Blog
    fields = ['title', 'categories', 'overview', 'thumbnail', 'summary']

    def form_valid(self, form):
        form.instance.user = Doctor.objects.get(user=self.request.user)
        return super().form_valid(form)

    def test_func(self):
        blog = self.get_object()
        if self.request.user == blog.user:
            return True
        return False

urls.py

path('blog/<int:pk>/update/', BlogUpdateView.as_view(), name='blog-update'),

What is the error message, can you run it in `DEBUG=True` mode? — Bernardo Duarte, Jun 09 '20 at 23:49
thanks i am not getting any error i am just getting a 403 Forbideen which i only expect to show this if the user is trying to updating someone else blogpost — Exactman, Jun 09 '20 at 23:52
you should learn to debug your own code, also are you sure this blog instance is related to that particular user you logged in as — iklinac, Jun 09 '20 at 23:54
@iklinac yes i created a new blogpost and try to update it to confirm still i get the error — Exactman, Jun 09 '20 at 23:57

score 0 · Accepted Answer · answered Jun 30 '20 at 16:27

i tried this in my views.py and it worked normal,the way i wanted

class BlogUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
    model = Blog
    fields = ['title', 'categories', 'overview', 'image', 'summary']

    def form_valid(self, form):
        form.instance.doctor = Doctor.objects.get(user=self.request.user)
        return super().form_valid(form)


    def test_func(self):
        blog = self.get_object()
        if self.request.user == blog.doctor.user:
            return True
        return False

getting 403 Forbidden for every update of a post in django

views.py

urls.py

1 Answers1