Monday, May 28, 2018

Authenticated users should only be able to see their own data

Hello,

I'm building an employee performance tracker for my company, and I'd like each employee to be able to view their own infractions (late to a shift, missed punch, etc.) and no one else's, obviously. I plan to use the built-in Django admin interface to allow HR to modify the database as necessary, and I also want to build a frontend for employees to access. 

My models are currently set up as follows:

'Employee' model:
- first_name (CharField)
- last_name (CharField)

'InfractionType' model:
- description (CharField)

'Infraction' model:
- timestamp (DateTimeField)
- employee (ForeignKey, Employee)
- type (ForeignKey, InfractionType)
- has_comment (Boolean) #true if employee has added an explanatory comment to our timecard system, false if they haven't
- description (CharField)

I am also using the django.contrib.auth and django.contrib.admin libraries and their corresponding database tables.

How should I set up my templates such that each logged-in user has access to only their own employee information? I get the sense that I will need to add a one-to-one relationship between the User table and Employee table, but I'm not sure if I'm on the right track.

Also, I've been developing in Django for about three days now, so I'm very new to all of this. I appreciate your patience and support.


Thanks so much for your help,
Dylan

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ba106eda-7a33-412f-ad90-c0fc8540a006%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment