As suggested, you could enforce this at the view level.  I would add that 
you could even wrap a generic view.  For example, here is some code wrapping 
the object_list generic and filtering the queryset by user ID:

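from django.http import HttpResponseForbidden
from django.views.generic.list_detail import object_list

# TimeRecord and TEMPLATE_BASE are defined elsewhere in the project.
def time_by_user_list(request,
                      template_name=TEMPLATE_BASE+'timesheet.html'):
    # Anonymous users own no records; refuse instead of returning None.
    if request.user.is_anonymous():
        return HttpResponseForbidden()
    # Restrict the generic view to rows owned by the logged-in user.
    queryset = TimeRecord.objects.filter(user__id=request.user.id)
    return object_list(request,
                       queryset,
                       template_name=template_name,
                       extra_context={'period': 'all'})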

On Saturday 05 August 2006 05:57, Waylan Limberg wrote:
> On 8/4/06, Dave <[EMAIL PROTECTED]> wrote:
>
> [snip]
>
> > How can I set up the User permissions such that the logged in User can
> > only access Orders they've created?
>
> This feature is not yet available, although it is being worked on [1].
> As a workaround, I believe it has generally been suggested that you
> should add some code to your view which checks that the current user
> is the same as the user who created the entry and act accordingly
> there.  A quick search of the list should give you plenty of examples.
> Of course, this means that generic views are out and it won't affect
> the admin app.
>
> [1] http://code.djangoproject.com/wiki/RowLevelPermissions
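
The list filter above covers the index page; a detail view that loads one Order by the id in the URL needs the same owner scoping. The following is an added example, not code from this thread or from Django: it uses the standard-library sqlite3 module as a stand-in for the ORM, and the table, function names and sample rows are hypothetical.

```python
import sqlite3

class NotFound(Exception):
    """Raised for both missing and not-owned rows, so the view answers 404 either way."""

def make_db():
    # Constructed sample data: two users (10 and 20), three orders.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, 10, "widget"), (2, 10, "gadget"), (3, 20, "sprocket")])
    return conn

def order_list(conn, user_id):
    # List view: the same idea as filter(user__id=request.user.id).
    if user_id is None:  # anonymous session
        return []
    rows = conn.execute("SELECT id, item FROM orders WHERE user_id = ? ORDER BY id",
                        (user_id,))
    return rows.fetchall()

def order_detail_unscoped(conn, user_id, order_id):
    # Weak form: only the id from the URL is used and user_id is ignored,
    # so the row comes back whoever is asking.
    row = conn.execute("SELECT id, item FROM orders WHERE id = ?",
                       (order_id,)).fetchone()
    if row is None:
        raise NotFound(order_id)
    return row

def order_detail(conn, user_id, order_id):
    # Corrected form: ownership is part of the query itself, not a check
    # made after the row has already been loaded.
    if user_id is None:
        raise NotFound(order_id)
    row = conn.execute("SELECT id, item FROM orders WHERE id = ? AND user_id = ?",
                       (order_id, user_id)).fetchone()
    if row is None:
        raise NotFound(order_id)
    return row
```

Raising the same error for a missing row and for another user's row keeps the response from revealing which order ids exist.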
