Re: Question object permission approach

Hey,

I think it really depends on how much complexity you want. We use a
package called userena which depends upon Guardian. All that I know
about Guardian is it's no fun when schema migrations get messed up :)
In all honestly, though, I should have probably read more about it
before using an application that depends upon it.

What we do is simply override the querysets. It wouldn't be very
difficult to subclass some of the Class Based Views to make this
easier on you.

For example:

def get_queryset(self, queryset=None): # Not sure if that should be qs
-- I'd have to look at the source
qs = queryset.filter(user = self.request.user)
return qs

In other places where I am using ModelForms and letting users update
their own objects, I just override get_object like you mentioned.

On Wed, May 23, 2012 at 4:53 PM, Paul <peebor@gmail.com> wrote:
> Assume i have a model as follows:
>
> class Website(models.Model):
>    user = models.ForeignKey(User)
>    name = models.CharField(unique=True, max_length=32)
>    url = models.URLField(unique=True)
>
> Now i have a generic (detail) view as follows:
>
> class WebsiteRead(DetailView):
>    model = Website
>
>    @method_decorator(login_required())
>    def dispatch(self, *args, **kwargs):
>        return super(WebsiteRead, self).dispatch(*args, **kwargs)
>
> I want users to only be able to view an object when they have created
> it; [self.request.user == Website.user].
>
> What is the best approach to create this?
> - I could overload get_object to query for the object based on the pk
> and the fk of the user.
> - Or should i use a package (from http://www.djangopackages.com/grids/g/perms/)
> such as django-guardian?
>
> Paul
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.