On 30/03/2015 3:11 AM, Melvyn Sopacua wrote:
> On Sunday 29 March 2015 22:04:23 Mike Dewhirst wrote:
>> On 29/03/2015 7:28 PM, Julo wrote:
>>> Maybe you can add an interface for the models that are importants
>>> and hook to the save/delete signal a interfaced function called
>>> CanSave() And you check the premisson he has, if not allowed rais
>>> an exception, and don't save.
>> Julo
>>
>> I like that. I'll dig a bit deper. It would be best to do it in the
>> model but I'm not sure how I can get request.user from there.
>
> It's convenient to have all information in one place, but...permission
> validation is a view and by extension form action. Data correctness and
> integrity validation belongs in the model.
I agree and that's where I always put it.
>
> That said, maybe I'm not getting your workflow correctly, but to me it
> seems that if request.user is not owner, some fields should be readonly.
> And this is what ModelAdmin.get_readonly_fields() is for.
Working on this as we speak!
>
> If this doesn't work for you, can you explain why?
I think it will work!
More later.
Thank you Melvyn
Mike
>
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/55188F4E.50402%40dewhirst.com.au.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment