Code Reference

Views

Django · Reference cheat sheet

Views

Django · Reference cheat sheet


📋 Overview

Views receive an HttpRequest and return an HttpResponse (or raise). Use function-based views (FBVs) for simple flows and class-based views (CBVs) for reusable patterns. Keep views thin: validate input, call services/ORM, return response or redirect.

🔧 Core concepts

StyleNotes
FBVdef view(request, **kwargs)
CBVMyView.as_view() in URLconf
Shortcutsrender, redirect, get_object_or_404
Decoratorslogin_required, require_POST, csrf_exempt (rare)
MixinsAuth/permission for CBVs
ErrorsHttp404, PermissionDenied, custom handlers

Request attributes: method, GET, POST, user, session, FILES, headers.

💡 Examples

Function-based view:

from django.contrib.auth.decorators import login_required
from django.shortcuts import get_object_or_404, redirect, render
from .forms import ArticleForm
from .models import Article


def article_detail(request, slug: str):
    article = get_object_or_404(Article, slug=slug, is_published=True)
    return render(request, "blog/article_detail.html", {"article": article})


@login_required
def article_edit(request, slug: str):
    article = get_object_or_404(Article, slug=slug, author=request.user)
    if request.method == "POST":
        form = ArticleForm(request.POST, instance=article)
        if form.is_valid():
            form.save()
            return redirect(article)
    else:
        form = ArticleForm(instance=article)
    return render(request, "blog/article_form.html", {"form": form})

JSON response without DRF:

import json
from django.http import JsonResponse
from django.views.decorators.http import require_GET


@require_GET
def health(request):
    return JsonResponse({"status": "ok"})

CBV sketch:

from django.views import View
from django.http import HttpResponse


class PingView(View):
    def get(self, request, *args, **kwargs):
        return HttpResponse("pong")

⚠️ Pitfalls

  • Returning unsanitized user HTML → XSS; use templates auto-escape.
  • Long-running work in a request blocks workers—use tasks/queues.
  • Catching all exceptions and returning 200 hides failures.
  • Mutating data on GET violates HTTP semantics—use POST/PUT/PATCH/DELETE.

On this page