Thanks, it works. Also, other people are able to access the draft posts' detail view through the URL. I thought of a solution where I will provide only the list of drafts, and if the user clicks on one it will take them to the edit page of that post. But I am not able to implement this.

On Monday, June 24, 2019 at 8:39:26 PM UTC+5:30, Aldian Fazrihady wrote:
>
> I would implement a get_queryset method that filters blog posts by
> author=self.request.user
>
> Regards,
>
> Aldian Fazrihady
>
> On Sun, 23 Jun 2019, 20:55 Gaurav Sahu, <[email protected]> wrote:
>
>> Hi, I am developing a Django Blog application. In this application, I
>> have a PostEdit view to edit the post, Delete post view to delete the post.
>> These operations can only be performed by the user who has created that
>> post. I used Delete view as a functional view and edit view as CBV. Now
>> what is happening is that any user is able to delete or edit the others'
>> post through URL. In my delete post view, since it is a function-based
>> view, I have used an if condition to prevent another user from deleting
>> someone else's post. But since for post edit I am using a CBV, I am not able
>> to find a way to prevent a user from editing someone else's post.
>> So how can I prevent another user from editing someone else's post?
>>
>>
>> class PostUpdateView(LoginRequiredMixin, UpdateView):
>>     model = Post
>>     template_name = 'blog/post_form.html'
>>     form_class = PostForm
>>
>>     def get_context_data(self, **kwargs):
>>         context = super().get_context_data(**kwargs)
>>         context['title'] = 'Update'
>>         return context
>>
>>     def form_valid(self, form):
>>         form.instance.author = self.request.user
>>         form.save()
>>         return super().form_valid(form)
>>
>>
>> @login_required
>> def post_delete(request, slug):
>>     post = get_object_or_404(Post, slug=slug)
>>     if (request.user == post.author):
>>         post.delete()
>>         return redirect('blog:post_list')
>>     else:
>>         return redirect('blog:post_detail', slug=slug)

