What is the correct way to grant permissions to edit an object in Django?

B

blackbb2017-03-18 23:17:55

Django

blackbb, 2017-03-18 23:17:55

The essence of the problem is as follows. There is a profile model, there is a profile editing page, how to make it so that only the owner of the profile can edit the profile, and not any registered user. Now by going to /profile/edit/1/ I can edit my profile, just as if I go to /profile/edit/2/ I can edit another user's profile. At the moment I'm struggling with it like this: "{%if profile.username == user.username%}", then the edit button is displayed. I understand that this is done at the views level, but I can't figure out how.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

devalone, 2017-03-19
@blackbb

At the moment I'm fighting it like this: "{%if profile.username == user.username%}",

This must be done in view. For example, I do this:

@transaction.atomic                                                              
@login_required                                                                  
def editEvent(request, pk):                                                      
    event = get_object_or_404(Event, pk=pk)                                      
    if request.user != event.owner:                                              
        raise Http404()