Hi Richard,

> How do you ( a ) get the system to call your "by user" query?

a) in your views you query manually - see below - organization_list

> And ( b ) how do you get the system to send in the current "user"?

the magic is in the permalink.... get_slugged_organization_documents_url
in the delegation view you do some redirect, every organization has its
own slug (model of organization):
----
from django.db.models import permalink
from django.http import HttpResponseRedirect


def organization_list(request):
    """
    Function checks implicitly if this user has more than one
    organization. If not forward to the organization absolute url
    if it is a partner admin go to the list page
    """
    qs = Organization.objects.by_user(request.user)
    if qs.count() == 1:
        # a normal partner-admin / user won't see a list of organizations
        slug = qs[0].slug
        return HttpResponseRedirect(get_slugged_organization_documents_url(slug))
    else:
        return organization_list_partner_admin(request)


def get_slugged_organization_documents_url(slug):
    return ('organization_documents', (), {'organization_slug': slug})

get_slugged_organization_documents_url = permalink(get_slugged_organization_documents_url)

urls.py:

urlpatterns = patterns('',
    # no organization selected, redirects to user organization
    url(r'^$', organization_list, name='organization_list'),
    # this one is the default url without any command, but users organization
    url(r'^(?P<organization_slug>[-\w]+)/', include(patterns('',
        url(r'^$', organization_documents, name='organization_default'),
        .....

... and in the organizations_documents you check that the request.user
is member of the slugged organization...
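
from django.core.exceptions import ObjectDoesNotExist
from django.http import HttpResponseForbidden


def organization_documents(request, organization_slug):
    # look the slug up inside the user-scoped queryset only
    qs = Organization.objects.by_user(request.user)
    try:
        organization = qs.get(slug=organization_slug)
    except ObjectDoesNotExist:
        return HttpResponseForbidden('You are not allowed to....')
    ..... normal code here
    .....
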
hope this helps.
basically you have a slugged organization, and a delegation view - the
delegation view does the magic.
here is another solution to your problem - class-based view mixins for
multi account setups:
http://django-organizations.readthedocs.org
Welcome
Frank

On 23.05.2013 03:46, Richard E. Cooke wrote:
Frank!
You appear to have figured out what I spent most of today trying to
figure out: How to get access to the current logged in user from
INSIDE a custom data manager!
Can you clarify something in your code?
In your custom manager you define "by_user", which takes "user" as an
input. But in your class you just name your custom data manager in
place of the default "object" manager.
How do you ( a ) get the system to call your "by user" query? And ( b
) how do you get the system to send in the current "user"?
I was thinking there might be a link through the site.model reference
Managers get. Or maybe a way to pull it from session, but I keep getting
stuck on the fact this isn't a view, so it has no obvious access to a
"request" object????
Thanks in advance!
On Monday, February 25, 2013 4:18:50 AM UTC-5, Frank Bieniek wrote:
We achieved the second level auth, by tying an extended group to a
company,
all company members are part of this group, so we can leverage the
normal auth mechanism.
Hope this gives you an idea.
Thanks
Frank

from django.db import models


class CompanyManager(models.Manager):
    filter_by_user_limit_field = None

    def by_user(self, user):
        """
        Extension for filtering organization objects (also related objects) by
        the groups of a user.
        Avoiding that a user can touch other organization objects.
        Superusers and Partner Administrators are able to see all organizations.
        """
        # if the user is not logged in - no data
        if not user.is_authenticated():
            return self.none()
        # TODO: optimization: would be nice to find a way to make
        # by_user chainable like .filter(), ...
        return self.limit_queryset_by_user(
            self.get_query_set(),
            user,
            self.model.filter_by_user_limit_field
        )

    @staticmethod
    def limit_queryset_by_user(qs, user, field_key):
        # is_superuser is a boolean attribute, so it is tested directly
        if user.is_superuser:
            return qs
        kwargs = {}
        if field_key:
            # always filter when a limit field is set: a user without groups
            # gets an empty __in list and therefore no rows, not every row
            kwargs[field_key] = [u['id'] for u in user.groups.values('id')]
        return qs.filter(**kwargs)

And in the model

class Company(ExtendedModel):
    name = models.CharField(max_length=64, unique=True)
    slug = models.SlugField(unique=True)
    is_active = models.BooleanField(null=False, blank=False, default=True)
    filter_by_user_limit_field = "organizationgroup__in"
    objects = CompanyManager()


class CompanyGroup(Group):
    """
    User group of the Organization
    """
    organization = models.OneToOneField(Organization)

On 23.02.2013 17:00, Gabriel - Iulian Dumbrava wrote:
> How I would do it would be to have a special column (foreign key) in
> each table (model) called Company (company_id) and change all default
> managers to filter on company_id = logged_in_user.company_id.
>
> In this way you are sure that users only see what belongs to their
> company.
>
> You would have to pass the company_id to models, probably with a
> middleware which gets it from the logged in user and saves it
> somewhere.
>
> And you also have to save the default value of company_id to each
> newly created entry in every table, probably from the same source as
> above.
>
--
You received this message because you are subscribed to the Google
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
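
The scoping rule discussed in this thread, as an added framework-free sketch that is not code from any of the posts: every lookup goes through a by_user filter, a slug outside the user's scope gets a 403, and a logged-in user without groups sees nothing. The User and Org tuples, the sample data and the (status, body) return values are constructed for illustration.

```python
from collections import namedtuple

User = namedtuple("User", "name authenticated superuser group_ids")
Org = namedtuple("Org", "slug group_id")

# Constructed sample data: each organization is tied to exactly one group.
ORGS = [Org("acme", 1), Org("globex", 2), Org("initech", 3)]


def by_user(orgs, user):
    """Return only the organizations this user may touch (fail closed)."""
    if not user.authenticated:
        return []
    if user.superuser:
        return list(orgs)
    # No groups means an empty allow-list, hence an empty result.
    allowed = set(user.group_ids)
    return [o for o in orgs if o.group_id in allowed]


def organization_list(user):
    """Delegation view: one organization -> redirect, otherwise a list."""
    scoped = by_user(ORGS, user)
    if len(scoped) == 1:
        return (302, "/%s/" % scoped[0].slug)
    return (200, sorted(o.slug for o in scoped))


def organization_documents(user, slug):
    """Resolve the slug inside the user's scope, never in the global set."""
    for org in by_user(ORGS, user):
        if org.slug == slug:
            return (200, org.slug)
    return (403, "You are not allowed to view this organization")


alice = User("alice", True, False, (1,))   # member of one organization
bob = User("bob", True, False, (1, 2))     # member of two organizations
carol = User("carol", True, False, ())     # logged in, but in no group
root = User("root", True, True, ())        # superuser
anon = User("", False, False, ())          # not logged in

if __name__ == "__main__":
    for u in (alice, bob, carol, root, anon):
        print(u.name or "anonymous", organization_list(u),
              organization_documents(u, "globex"))
```
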