Answer the question
In order to leave comments, you need to log in
A
A
Anna2019-01-08 17:15:33
Anna, 2019-01-08 17:15:33
How to delimit access to records, crud only your user records?
The point is that you need to use one model for all authorized users. They can create write objects, but they can read them. only those that belong to him, that is, created by him, can delete and change. Django 2.*
I would like to set access rights at the model level, since filtering in the view is not suitable. A large number of performances are planned. it is inconvenient to write a filter for everyone
3 answer(s)
@deliro
@vintkor
Why not use the kaskom manager?
@pyHammer
R
Roman Kitaev, 2019-01-08 @deliro
You're trying to get the object(s) with QuerySet, but the creator (model field) is equal to request.user. That is, instead of Model.objects.get(id=1234) you write Model.objects.get(id=1234, user=request.user). And instead of Model.objects.filter(some_field="some value") you write Model.objects.filter(some_field="some value", user=request.user). Well, provided that the Model really has a user field and it is filled in correctly.
You can unify this with a mixin for views - overriding the get_queryset method if CBVs are used
A
Alexander, 2019-01-10 @vintkor
A large number of performances are planned. it is inconvenient to write a filter for everyone
Why not use the kaskom manager?
D
Dmitry, 2019-01-18 @pyHammer
The best option for you is django-rules. And as mentioned above, a queryset with a filter by user, if you are using CBV, then you need to write a mixin with a get_queryset method reload. If you are writing function representations, I suggest you abandon them in favor of CBV.
Similar questions
Z
J
Jekson2020-01-28 11:05:14
Postgresql and using virtual environment and docker on the same project?
1Reply
R
L
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question