Hey, I'm glad you got it all running! I just wanted to specify some of
my exact code in case anybody references this in the future. It's a
bit off from where I was.
In my UpdateViews and DetailViews, I do something along the lines of this:
# Limit Editing Access to User's Own Objects.
def get_queryset(self):
base_qs = super(VideoUpdateView, self).get_queryset()
return base_qs.filter(owner = self.request.user)
In my DetailViews and ListViews, I follow this approach
# Restrict video viewing to only Video's owned by the user.
def get_queryset(self):
return Video.objects.filter(owner = self.request.user)
If anyone is curious, you can pretty much read the Class Based Views
Source Code (and their associated mixins, which are just parent
classes that add some specific functionality) to see how these
particular modifications work -- or when adding your own new
modifications. For anyone else reading this -- when you move from the
traditional views to the new Class Based Views, your code is *so* much
easier to read and smaller!
Feel free to ignore my lack of strict-adherence to Python/Django
coding standards. I'm still working on getting used to passing
parameters without spaces in assignments, putting comments below a
method signature, etc..
On Thu, May 24, 2012 at 5:14 PM, Paul <peebor@gmail.com> wrote:
> Thanks for thinking along.
>
> Guardian sounds really well, also given the recent commits,,,,
>
> However, such 'dynamic' authentication method (meaning users shall be
> explicitly authorized or not) is overhead in my case since the
> permission is 'static'; its simply dependent on the user field of the
> model.
>
> I followed your example by overloading the get_queryset and that
> really a simple solution to this issue.
>
> Tests are running now; all 404's; great!
>
> Paul
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment