On Sunday 29 March 2015 22:04:23 Mike Dewhirst wrote:
> On 29/03/2015 7:28 PM, Julo wrote:
> > Maybe you can add an interface for the models that are importants
> > and hook to the save/delete signal a interfaced function called
> > CanSave() And you check the premisson he has, if not allowed rais
> > an exception, and don't save.
> Julo
>
> I like that. I'll dig a bit deper. It would be best to do it in the
> model but I'm not sure how I can get request.user from there.
It's convenient to have all information in one place, but...permission
validation is a view and by extension form action. Data correctness and
integrity validation belongs in the model.
That said, maybe I'm not getting your workflow correctly, but to me it
seems that if request.user is not owner, some fields should be readonly.
And this is what ModelAdmin.get_readonly_fields() is for.
If this doesn't work for you, can you explain why?
--
Melvyn Sopacua
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/4084934.niUPzQKpei%40devstation.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment