Monday, May 28, 2018

Re: Authenticated users should only be able to see their own data

On 29/05/2018 11:04 AM, Dylan Moreland wrote:
> Hello,
>
> I'm building an employee performance tracker for my company, and I'd
> like each employee to be able to view their own infractions (late to a
> shift, missed punch, etc.) and no one else's, obviously. I plan to use
> the built-in Django admin interface to allow HR to modify the database
> as necessary, and I also want to build a frontend for employees to
> access.

You write views to extract data from the database and render the result
in a frontend template. Provided you force the users to authenticate,
generally by decorating the views with @login_required, then the http
request object Django gives you has the authenticated user as an
attribute, i.e., request.user is the employee object.

If you then retrieve infraction data from the database keyed on
request.user, that employee will only see his or her own infractions and
no-one else's.

There are other things you need to watch. For example, don't let
employees access the admin (user.is_staff = False) unless you have taken
care to prevent them seeing other data. It is more complex than doing it
in your own views but it can be done.

You might also think about warning users to log out after visiting their
page because by default a Django session lasts two weeks. It is a bit
problematic trying to force logout from the server.

Good luck. I think you will enjoy the flexibility and power of Django.


>
> My models are currently set up as follows:
>
> 'Employee' model:
> - first_name (CharField)
> - last_name (CharField)
>
> 'InfractionType' model:
> - description (CharField)
>
> 'Infraction' model:
> - timestamp (DateTimeField)
> - employee (ForeignKey, Employee)
> - type (ForeignKey, InfractionType)
> - has_comment (Boolean) # true if the employee has added an explanatory
> comment to our timecard system, false if they haven't
> - description (CharField)
>
>
> I am also using the django.contrib.auth and django.contrib.admin
> libraries and their corresponding database tables.
>
> How should I set up my templates such that each logged-in user has
> access to only their own employee information? I get the sense that I
> will need to add a one-to-one relationship between the User table and
> Employee table, but I'm not sure if I'm on the right track.
>
> Also, I've been developing in Django for about three days now, so I'm
> very new to all of this. I appreciate your patience and support.
>
>
> Thanks so much for your help,
> Dylan

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/839d4482-16a0-efad-c819-edfe0f68c505%40dewhirst.com.au.
For more options, visit https://groups.google.com/d/optout.
