How to delimit access to records, crud only your user records?

A

Anna2019-01-08 17:15:33

Django

Anna, 2019-01-08 17:15:33

The point is that you need to use one model for all authorized users. They can create write objects, but they can read them. only those that belong to him, that is, created by him, can delete and change. Django 2.*
I would like to set access rights at the model level, since filtering in the view is not suitable. A large number of performances are planned. it is inconvenient to write a filter for everyone

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

R

Roman Kitaev, 2019-01-08
@deliro

You're trying to get the object(s) with QuerySet, but the creator (model field) is equal to request.user. That is, instead of Model.objects.get(id=1234) you write Model.objects.get(id=1234, user=request.user). And instead of Model.objects.filter(some_field="some value") you write Model.objects.filter(some_field="some value", user=request.user). Well, provided that the Model really has a user field and it is filled in correctly.
You can unify this with a mixin for views - overriding the get_queryset method if CBVs are used

A

Alexander, 2019-01-10
@vintkor

A large number of performances are planned. it is inconvenient to write a filter for everyone

Why not use the kaskom manager?

D

Dmitry, 2019-01-18
@pyHammer

The best option for you is django-rules. And as mentioned above, a queryset with a filter by user, if you are using CBV, then you need to write a mixin with a get_queryset method reload. If you are writing function representations, I suggest you abandon them in favor of CBV.