On Monday 25 May 2009 01:41:31 am Andy wrote: > But how do I stop user A from trying to edit the profile of user B?
in urls.py
url(r'profile/(P<username>)/', 'up.views.profile', name='profile')
in views.py
def edit(request, username):
profile = UserProfile.objects.get(username__exact=username)
form = None
if profile.username == request.user.username:
form = UserProfileForm()
render_to_response('profile/profile.html', {'form':
form, 'profile':profile}, context_instance=RequestContext(request))
int profile/profile.html:
{% if form %}
Editable User form html.
{{ form.as_p }}
{% else %}
Uneditable user profile info.
{{ comment loop through profile object showing the user details you
want to
show off }}
{% endif %}
The key is in views.py and the check, you should expect request.user to be the
object representing the current user requesting the page, if the requested
username and the request.user.username match, return a valid form (you can
instatiate the form with the profile data) otherwise return the form variable
set to None and the check in the template will work as expected.
The exact specifics are upto you, but this is how I do it.
Mike
--
"Our vision is to speed up time, eventually eliminating it."
-- Alex Schure
signature.asc
Description: This is a digitally signed message part.
