Answer the question
In order to leave comments, you need to log in
What's the best way to control a user's access to only their own data?
Suppose...
A synthetic example. We have users. Users have notebooks.
class Pad(Model):
name = CharField()
class Post(Model):
name = CharField()
text = textField()
pad = ForeignKey(Pad)
class Img(Model):
img = ImageField()
post = ForeignKey(Post)
Answer the question
In order to leave comments, you need to log in
Like it or not, there will be three requests everywhere. To the notebook, notes and her pictures. It is enough to give the notebook a connection to the "owner" of ForeignKey (User) and check the rights in the chain first for the rights of the notebook. And if you have enough rights, then make a request to the record and pictures.
If you want the rights of more than one user on a notebook. That is to make a separate model of rights and communicate through manitumani.
PS For feedback, you can use related_name
Google "django row level security" - there are examples and ready-made solutions.
But, in any case, you can’t do without checking for the owner.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question