Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
Kirill Pisarev2015-08-21 16:15:59
Django
Kirill Pisarev, 2015-08-21 16:15:59

How to limit the ability to go to a specific url?

Good afternoon.
The bottom line is that there is a CBV for updating an existing record in the database:

class ResumeUpdate(UpdateView):
    model = UserResume
    form_class = ResumeForm
    template_name = 'InteractiveProfile/update_resume.html'

url:
url(r'(?P<pk>[0-9])_resume/update/$',
                           ResumeUpdate.as_view(success_url=('/profiles/')),
                           name='user_resume_update'),

pk in this case is the user id.
Actually, the problem is that any user can enter any value in the url and go to edit another user's page. How can I prevent him from doing this?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
U
un1t, 2015-08-21
@un1t

Something like this

from django.core.exceptions import PermissionDenied

if resume.user_id != self.request.user.id:
    raise PermissionDenied

Similar questions
V
Vyacheslav Rakhinsky2015-12-27 21:16:24
How to make one global instance of a class in Django? 1Reply
G
gaalev2020-06-03 12:32:46
How to localize date in Django? 1Reply
V
Vova Putsyk2018-05-09 15:09:19
How to use django orm in telegram bot? 1Reply
G
Gleb2021-08-20 12:22:34
Is Django asynchronous or not? 1Reply
V
Valery Semenov2012-12-23 21:01:21
celery. Running a Single Task Sequentially 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question