Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Django DetailView - How to change the get_object to check a field

Tags:

python

django

django-views

django-class-based-views

So I want to make a DetailView that shows a photo by itself and its associated information. However, I want to have it make sure the user has permission to access the photo as well.

This is the urls.py for the view

url(r'^photo/(?P<slug>[\-\d\w]+)/$', views.PhotoDetail.as_view(), name='photo'),

This is the views.py

class PhotoDetail(DetailView):
    template_name = 'otologue/photo_detail.html'

    def get_object(self, queryset=None):
        slug = self.get_slug_field()
        print(slug)
        object_instance = Photo.objects.filter(slug=slug)
        print(object_instance)
        object_user = object_instance.photoextended.user
        user = get_object_or_404(User, username=self.request.user)  # Get the user in the view

        if object_user != user:  # See if the object_user is the same as the user
            return HttpResponseForbidden('Permission Error')

        else:
            return object_instance

As you can see I try to get_slug_field() but when I print it it only says 'slug' when the slug should say the objects slug which is in the url. From this the object_instance doesn't have any object and then why I try to get the user from it, it can't find any data.

like image 485
Alex Haines Avatar asked Mar 07 '17 16:03

Alex Haines

1 Answers

The DetailView's get_object method already knows how to fetch an object by the slug. There's no need to duplicate this code, just call super().

Then you can compare the user to self.request.user directly - there's no need to refetch the user from the database with get_object_or_404.

Finally, you can't return a response from get_object, the method is meant to return the object. You can however raise an exception like Http404.

from django.http import Http404

class PhotoDetail(DetailView):

    def get_object(self, queryset=None):
        obj = super(PhotoDetail, self).get_object(queryset=queryset)
        if obj.user != obj.photoextended.user:
            raise Http404()
        return obj

A common approach in class based views is to override get_queryset and filter by user. The get_object method will use this queryset when fetching the object. If the object is not in the queryset, then the user will get a 404 error.

class PhotoDetail(DetailView):

    def get_queryset(self):
        queryset = super(PhotoDetail, self).get_queryset()
        return queryset.filter(photoextended__user=self.request.user)
like image 190
Alasdair Avatar answered Sep 21 '22 03:09

Alasdair
Sign in to Comment

Related questions

How to get variable data from a class
How to generate random integers with multiple ranges?
Import Matplotlib without a display
Python: read in an Array of json objects using json.loads()
List comprehension vs set comprehension
SSLError using pip install (to install tensorflow)
How to get the sum of a list of numbers with recursion?
Find all possible substrings beginning with characters from capturing group
Normalizing rows of a matrix python
Searching a sequence in a NumPy array
Scraping of protected email
Fill the outside of contours OpenCV
Absolute difference of two NumPy arrays
How to calculate percentage of sparsity for a numpy array/matrix?
Missing menuBar in PyQt5
tox tests, use setup.py extra_require as tox deps source
How to solve nan loss?
Flask-wtf dynamic select field with an empty option
Error when trying to import sklearn modules : ImportError: DLL load failed: The specified module could not be found
Matplotlib: xticks every 15 minutes, starting on the hour

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!