Hi
I'm now doing serious (for me) work with Django (which I like a lot)
and have come up against a problem.
My application requires row-level permissions. I think I've got most
of it sorted out, but I'm having problems with templates and views.
My basis idea is this. Add a field
edit_groups = models.ManyToManyField(Group)
which tells us which group members can edit the object.
Then define a method
def is_editable_by(self, user):
if self.owner.pk == user.pk:
return True
if self.edit_groups.filter(user=user):
return True
return False
This allows me to determine if a user can edit the object.
Now for the problem. In the detail template for the object I'd like
to know if I can edit the object (so I can offer a link for doing
that). I don't see an easier and straightforward way of doing this,
particularly as I want to continue to use generic views.
The problem is that the request (with .user as an attribute) and the
item (with .is_editable_by as a method) meet only in the template, and
not before. This is, it seems to me, part of the architecture of
Django. For example, MIDDLEWARE_CLASSES and
TEMPLATE_CONTEXT_PROCESSORS are passed only the request object.
By the way, in the list view we'd like to tell the user which are the
items she can edit, so a single global won't do.
What would work is an 'attribute' of item, so we could write
{% if item.is_editable %}
but we have to know the user to make the calculation. The best I can
think of is something like
{% get_is_editable as myvar %}
{% if myvar %}
but that's not at all nice.
Here's a couple of related URLs. FIrst, a discussion in this group
Status of pre-object-level permissions
http://groups.google.com/group/django-users/browse_thread/thread/ad870c79b5d36f9a
Next, a clever hack
Django Admin Hack - Fields varying with user permissions
http://lukeplant.me.uk/blog.php?id=1107301634
referred to by this FAQ entry
http://docs.djangoproject.com/en/dev/faq/admin/#how-do-i-automatically-set-a-field-s-value-to-the-user-who-last-edited-the-object-in-the-admin
Does anyone have any ideas or suggestions? I'd like to do something
that was aligned with future Django developments.
Jonathan
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
