You've got it. I included an 'owner' field on any model that I wanted to show ownership with. This is actually not too insanely hard as you could make a Parent Model or Mixin to make things easier.
Another option is to use something like django-guardian to handle all of your permissions. However, the one time I've used it (required by a third party package) it wasn't the most pleasant experience in my opinion. On Wed, Oct 10, 2012 at 3:39 AM, Stefano Tranquillini < stefano.tranquill...@gmail.com> wrote: > Thanks. > one question: this works great if you are modifying user data. in fact, > you do the checking > > qs = super(RequestUpdateView, self).get_queryset() > return qs.filter(owner=self.request.user) > > > now. let's image i've a form (call it Task) that must be updated by > someone (or a group of user). how can i do this control? > do i have to put a "owner" field in the Task model and check it later or > django does something of this automatically or exists a predefined way to > do it? > > ciao. > > On Tuesday, October 9, 2012 5:14:50 PM UTC+2, Kurtis wrote: > >> Check out my example of the updateview here: http://stackoverflow.** >> com/questions/5531258/example-**of-django-class-based-** >> deleteview/10903943#10903943<http://stackoverflow.com/questions/5531258/example-of-django-class-based-deleteview/10903943#10903943> >> >> On Tue, Oct 9, 2012 at 10:48 AM, Stefano Tranquillini < >> stefano.tr...@gmail.**com> wrote: >> >>> Hi all. >>> I'm trying to let user update their values still having trouble. >>> >>> i've my models: >>> >>> class Language(models.Model): >>> name = models.CharField(max_length=**100,default='') >>> fb_id = models.IntegerField(default=0) >>> >>> def __unicode__(self): >>> return str(self.fb_id) >>> >>> class UserProfile(models.Model): >>> user = models.OneToOneField(User) >>> name = models.CharField(max_length=**100,default='') >>> surname = models.CharField(max_length=**100,default='') >>> birthday = models.DateField(default=**datetime.now, blank=True) >>> email = models.CharField(max_length=**100,default='') >>> locale = models.CharField(max_length=**100,default='') >>> picture = models.CharField(max_length=**255,default='') >>> gender = models.CharField(max_length=**100,default='') >>> hometown = models.CharField(max_length=**255,default='') >>> #languages goes as 1-M relation >>> languages = models.ManyToManyField(**Language) >>> latitude = models.FloatField(default=0.0) >>> longitude = models.FloatField(default=0.0) >>> reward_dollars = models.DecimalField(decimal_** >>> places=2,max_digits=8,default=**0.0) >>> reward_time = models.IntegerField(default=0) >>> # checkins = models.TextField() >>> >>> def __unicode__(self): >>> return self.name+' '+self.surname >>> >>> >>> and i've create view and form >>> >>> class UpdateForm(BootstrapForm): >>> username = forms.CharField(label=(u'name'**)) >>> name = forms.CharField(label=(u'**surname')) >>> class Meta: >>> layout = (Fieldset("Test","name", "surname",)) >>> >>> Here i used the >>> https://github.com/earle/**django-bootstrap<https://github.com/earle/django-bootstrap>beacuse >>> i've bootstrap as frontend. >>> *Question:* do i have to create the form manually? or can django create >>> it automatically for me?. in the second case, how can i deal with M-to-M >>> relation or with the fact that i don't want to display some fields? >>> >>> class UserProfileUpdate(UpdateView): >>> form_class = UpdateForm >>> model = UserProfile >>> template_name = 'userprofile_form.html' >>> >>> def get_object(self, queryset=None): >>> return UserProfile.objects.get(user=**self.request.user) >>> >>> >>> in the urls >>> >>> url(r'^profile/update/$',**UserProfileUpdate.as_view()), >>> >>> >>> >>> *Question:* here in the view i rewrote the get_object in order to get >>> the current user. if i don't do it django wants a pk as parameters in the >>> url, that's fine. but how can i assure that the user 1 can edits only the >>> data of user 1 and not user 2. if he put /2/ in the url i get access to >>> user 2 data. >>> In addition to this, image to have a forum and people can edits post. >>> how can i assure that each user can modifty only its posts? so avoid the >>> fact that calling /update/{{idsomeoneelsepost}} they can edit a post. >>> >>> *Question:* do i've to implement the saving things or django does it >>> automatically when data are POST (if so, how can i do that?) >>> >>> *Problem: *right now what i get by running this code is: __init__() got >>> an unexpected keyword argument 'instance' >>> >>> I know that they can sounds as basic question, but i found that >>> documentation of django is too detailed and miss examples while >>> stackexchange and the like are questions that not always appliy to my need. >>> do you have a good website or book with tutorials (i see there's a similar >>> post from today)? >>> >>> ciao >>> >>> >>> >>> >>> >>> -- >>> Stefano >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django users" group. >>> To post to this group, send email to django...@googlegroups.com. >>> To unsubscribe from this group, send email to django-users...@** >>> googlegroups.com. >>> >>> For more options, visit this group at http://groups.google.com/** >>> group/django-users?hl=en<http://groups.google.com/group/django-users?hl=en> >>> . >>> >> >> > > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/django-users/-/w7Y2lRG6Ru4J. > > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
