get_queryset() is designed to filter down a list of of available objects that a generic view can use. The reason that CreateView doesn't have one is because the purpose of CreateView is to create a new object to operate on (meaning that there shouldn't be anything in the database that can be queried).
-- You shouldn't use get_queryset() to control access to the view itself, only use it to filter down the available objects already within the database. Those two ideas sound similar, but are handled differently.
What you are likely looking for is a row level (per object) permission system (the built-in permission system is table level). There are several packages available to assist:
Many of the authentication packages also have authorization (permission checking) built in.
django-guardian is probably the most popular of all of these. I haven't used any of them personally.
The authorization package you choose should work in tandem with the get_queryset() methods you've probably already defined.
-James
On Thu, Jul 30, 2015 at 3:20 AM, David <davidwills@adviserbreakthrough.co.uk> wrote:
Hi--Using other CBV's I can use get_queryset to filter out users that don't belong to a certain group. AFAIK createview doesn't have get_queryset.Can I achieve this with CreateView somehow?The context is:All forums: have to be a member of X to view anythingA particular Forum: have to be a member of Y to view at allCreateView need to be a member of Y to view/submitThank you
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/49fb6fc3-7b86-424c-af97-d50824762dd2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2Be%2BciVVh5tPmPxcWUEJay82%3DBxPQvLtv1DbiHEKUdLw6bjHGw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment