Menu
I have a schema like this:
models.py:
class Evento(models.Model):
[...]
user = ForeignKey(model=User)
forms.py:
class EventoForm(forms.ModelForm):
class Meta:
model = Evento
and a subclass of generic view UpdateView. I want to restrict access to that view to the user specified in that Evento instance. Where is the best approach to of that?
978
After calling dispatch, all your data is saved, no matter whether the user has permission. You must check permission before calling dispatch. Look at this snippets http://djangosnippets.org/snippets/2426/. But the better way redefine get_object method:
def get_object(self, *args, **kwargs):
obj = super(EditarEvento, self).get_object(*args, **kwargs)
if obj.user != self.request.user:
raise PermissionDenied() #or Http404
return obj
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
