By the way, that 'owner' field would be something like this: owner = ForeignKey(User)
And in my example, I use the Form to make sure the Owner is set properly. On Wed, Oct 10, 2012 at 7:14 AM, Kurtis Mullins <kurtis.mull...@gmail.com>wrote: > You've got it. I included an 'owner' field on any model that I wanted to > show ownership with. This is actually not too insanely hard as you could > make a Parent Model or Mixin to make things easier. > > Another option is to use something like django-guardian to handle all of > your permissions. However, the one time I've used it (required by a third > party package) it wasn't the most pleasant experience in my opinion. > > > On Wed, Oct 10, 2012 at 3:39 AM, Stefano Tranquillini < > stefano.tranquill...@gmail.com> wrote: > >> Thanks. >> one question: this works great if you are modifying user data. in fact, >> you do the checking >> >> qs = super(RequestUpdateView, self).get_queryset() >> return qs.filter(owner=self.request.user) >> >> >> now. let's image i've a form (call it Task) that must be updated by >> someone (or a group of user). how can i do this control? >> do i have to put a "owner" field in the Task model and check it later or >> django does something of this automatically or exists a predefined way to >> do it? >> >> ciao. >> >> On Tuesday, October 9, 2012 5:14:50 PM UTC+2, Kurtis wrote: >> >>> Check out my example of the updateview here: http://stackoverflow.** >>> com/questions/5531258/example-**of-django-class-based-** >>> deleteview/10903943#10903943<http://stackoverflow.com/questions/5531258/example-of-django-class-based-deleteview/10903943#10903943> >>> >>> On Tue, Oct 9, 2012 at 10:48 AM, Stefano Tranquillini < >>> stefano.tr...@gmail.**com> wrote: >>> >>>> Hi all. >>>> I'm trying to let user update their values still having trouble. >>>> >>>> i've my models: >>>> >>>> class Language(models.Model): >>>> name = models.CharField(max_length=**100,default='') >>>> fb_id = models.IntegerField(default=0) >>>> >>>> def __unicode__(self): >>>> return str(self.fb_id) >>>> >>>> class UserProfile(models.Model): >>>> user = models.OneToOneField(User) >>>> name = models.CharField(max_length=**100,default='') >>>> surname = models.CharField(max_length=**100,default='') >>>> birthday = models.DateField(default=**datetime.now, blank=True) >>>> email = models.CharField(max_length=**100,default='') >>>> locale = models.CharField(max_length=**100,default='') >>>> picture = models.CharField(max_length=**255,default='') >>>> gender = models.CharField(max_length=**100,default='') >>>> hometown = models.CharField(max_length=**255,default='') >>>> #languages goes as 1-M relation >>>> languages = models.ManyToManyField(**Language) >>>> latitude = models.FloatField(default=0.0) >>>> longitude = models.FloatField(default=0.0) >>>> reward_dollars = models.DecimalField(decimal_** >>>> places=2,max_digits=8,default=**0.0) >>>> reward_time = models.IntegerField(default=0) >>>> # checkins = models.TextField() >>>> >>>> def __unicode__(self): >>>> return self.name+' '+self.surname >>>> >>>> >>>> and i've create view and form >>>> >>>> class UpdateForm(BootstrapForm): >>>> username = forms.CharField(label=(u'name'**)) >>>> name = forms.CharField(label=(u'**surname')) >>>> class Meta: >>>> layout = (Fieldset("Test","name", "surname",)) >>>> >>>> Here i used the >>>> https://github.com/earle/**django-bootstrap<https://github.com/earle/django-bootstrap>beacuse >>>> i've bootstrap as frontend. >>>> *Question:* do i have to create the form manually? or can django >>>> create it automatically for me?. in the second case, how can i deal with >>>> M-to-M relation or with the fact that i don't want to display some fields? >>>> >>>> class UserProfileUpdate(UpdateView): >>>> form_class = UpdateForm >>>> model = UserProfile >>>> template_name = 'userprofile_form.html' >>>> >>>> def get_object(self, queryset=None): >>>> return UserProfile.objects.get(user=**self.request.user) >>>> >>>> >>>> in the urls >>>> >>>> url(r'^profile/update/$',**UserProfileUpdate.as_view()), >>>> >>>> >>>> >>>> *Question:* here in the view i rewrote the get_object in order to get >>>> the current user. if i don't do it django wants a pk as parameters in the >>>> url, that's fine. but how can i assure that the user 1 can edits only the >>>> data of user 1 and not user 2. if he put /2/ in the url i get access to >>>> user 2 data. >>>> In addition to this, image to have a forum and people can edits post. >>>> how can i assure that each user can modifty only its posts? so avoid the >>>> fact that calling /update/{{idsomeoneelsepost}} they can edit a post. >>>> >>>> *Question:* do i've to implement the saving things or django does it >>>> automatically when data are POST (if so, how can i do that?) >>>> >>>> *Problem: *right now what i get by running this code is: __init__() >>>> got an unexpected keyword argument 'instance' >>>> >>>> I know that they can sounds as basic question, but i found that >>>> documentation of django is too detailed and miss examples while >>>> stackexchange and the like are questions that not always appliy to my need. >>>> do you have a good website or book with tutorials (i see there's a similar >>>> post from today)? >>>> >>>> ciao >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Stefano >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Django users" group. >>>> To post to this group, send email to django...@googlegroups.com. >>>> To unsubscribe from this group, send email to django-users...@** >>>> googlegroups.com. >>>> >>>> For more options, visit this group at http://groups.google.com/** >>>> group/django-users?hl=en<http://groups.google.com/group/django-users?hl=en> >>>> . >>>> >>> >>> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/django-users/-/w7Y2lRG6Ru4J. >> >> To post to this group, send email to django-users@googlegroups.com. >> To unsubscribe from this group, send email to >> django-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/django-users?hl=en. >> > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
