Hi Picio, Luke and anyone else interested in challenging Django
problems like this,

For those new to this thread, Picio and I independently tried using
this recipe:
http://code.djangoproject.com/wiki/CookBookThreadlocalsAndUser
to create model managers that only permit a logged in user to see and
change their own records.

I think there are two levels to this problem. One has to do with the
correct syntax for using the threadlocals.get_current_user() in a
get_query_set filter. The other has to do with the way the Admin
ChangeList class obtains its list of objects.

Regarding the first issue, my test code in the manager like this (model
code is at the bottom of this post):

class ProjManager(models.Manager):
        def get_query_set(self):
                return super(ProjManager, self).get_query_set().filter(owner__exact=1)

works in the manage.py shell. It filters out objects whose owner id !=
1.

But it is hard to test this syntax which we would like to use:

return super(ProjManager, self).get_query_set().filter(owner__exact=threadlocals.get_current_user())

in the shell, because I haven't figured out how to log in from the
shell.

Regarding the second issue: when using the test manager above with the
hard coded owner id, in the Admin ChangeList interface, the entire list
of objects belonging to all owners is displayed. It should not; the
shell proved that the manager was filtering properly. The admin list is
not playing fair, and skipping the filter in the first manager example.

But, when I click on any of the listed objects not belonging to owner
id = 1, I get Page Not Found 404 error, so even though the list had the
name of the object, it could not actually fetch the object.

So the filter seems not to be observed by the part of the Admin
interface which provides objects to change_list.html, but not to the
object manipulator. I've been trying to read
django/contrib/admin/views/main.py which contains the ChangeList class,
but I'm afraid I'm not able to understand it well enough to solve this
problem.

Picio and I will be very grateful for any insight that can be provided.

Thanks,
Tom


class Project(models.Model):
        class Admin:
                pass

        owner = models.ForeignKey(User, related_name="owner", blank=True, editable=False)
        last_edited_by = models.ForeignKey(User, related_name="last_edited_by", blank=True)
        name = models.CharField(maxlength=100)
        time_added = models.DateTimeField(auto_now_add=True)
        time_modified = models.DateTimeField(auto_now=True)
        objects = ProjManager()
        allobjects = models.Manager()
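
Added example (not part of Tom's post and not Django code): a plain-Python model of the threadlocals pattern discussed above. It shows that the owner filter can be exercised by setting the thread's user by hand, and how to detect a listing that shows rows the scoped manager refuses to fetch. set_current_user, OwnerScopedManager, the helper functions and the sample rows are assumptions made for this illustration.

```python
import threading

# Stand-in for the recipe's threadlocals module (every name here except
# get_current_user is an assumption made for this example).
_locals = threading.local()

def set_current_user(user_id):
    _locals.user = user_id

def get_current_user():
    return getattr(_locals, "user", None)

# Constructed sample rows: (project id, owner id, name).
ROWS = [(1, 1, "alpha"), (2, 2, "beta"), (3, 1, "gamma"), (4, 3, "delta")]

class OwnerScopedManager:
    """Returns only rows owned by the current thread's user; fails closed."""
    def __init__(self, rows):
        self._rows = rows

    def all(self):
        user = get_current_user()
        if user is None:          # no request, or nobody logged in
            return []
        return [r for r in self._rows if r[1] == user]

    def get(self, pk):
        for r in self.all():
            if r[0] == pk:
                return r
        raise LookupError(pk)     # a web view would turn this into a 404

def unscoped_list(rows):
    """A list view that reads the table without going through the manager."""
    return list(rows)

def leaked_ids(manager, listing):
    """IDs that a listing shows but the scoped manager will not return."""
    visible = {r[0] for r in manager.all()}
    return sorted(r[0] for r in listing if r[0] not in visible)

def ids_seen_by(user_id, manager):
    """Run the query in a separate thread, as a request for user_id would."""
    out = []
    def work():
        set_current_user(user_id)
        out.extend(r[0] for r in manager.all())
    t = threading.Thread(target=work)
    t.start(); t.join()
    return out
```

A non-empty result from leaked_ids is the symptom described in the post: rows appear in the list but fetching them individually fails.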

