Use LoginRequiredMixin, UserPassesTestMixin, CreateView, and UpdateView for auth-protected CRUD.
Advanced Class-Based Views
from django.views.generic import CreateView, UpdateView, DeleteView
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.urls import reverse_lazy
class PostCreateView(LoginRequiredMixin, CreateView):
model = Post
fields = ["title","body"]
success_url = reverse_lazy("blog:post-list")
def form_valid(self, form):
form.instance.author = self.request.user
return super().form_valid(form)
class PostUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
model = Post
fields = ["title","body"]
def test_func(self):
return self.get_object().author == self.request.user