Wednesday, April 1, 2015

Re: Global access to request.user

Am 27.03.2015 um 19:05 schrieb Stephen J. Butler:
> On Fri, Mar 27, 2015 at 10:30 AM, Thomas Güttler <hv@tbz-pariv.de> wrote:
>> You have an instance method to render one row of a search result (a custom
>> paginator).
>>
>> One column of this row displays a link. Some users are allowed to follow the
>> link,
>> some are not. You need to check the (row level) permissions before
>> displaying it as
>> link or as plain text.
>>
>> The render_row() method is deep inside OOP python code. The method needs to
>> know which user is logged in to return the correct result.
>>
>> Of course I could always return a hyperlink. And users which don't have
>> the permission will see the permission denied page. But this is not user
>> friendly.
>
> How important is it that the legacy code retain the same structure?

This is not important. As long as the result does not change.

> You have the choice here to either break Django or refactor your
> legacy code. Doing the refactor is what will cause you the least
> headaches as you move forward (and as Django moves forward).
>
> What you really need to do here is move render_row into a template
> include or a template tag (which gets the template context, which
> includes user). That's the proper place for it IMHO in the MVC
> paradigm, which is the Django way.

ok, this way is better than the current: pass around the context
everywhere where the request gets passed around up to now.

Headache makes the code which gets called outside the request-response cycle.
For example cron jobs.

Example: We create reports for users in cron jobs. Here we need a user object
and have no context.

Regards,
Thomas Güttler

--
Thomas Güttler
http://thomas-guettler.de/

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/551BAFBD.8010804%40tbz-pariv.de.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment