I did find a nice sitewide middleware login system which takes care of one aspect of my 'problem'. http://www.djangosnippets.org/snippets/1158/

Not completely to my taste, because it (me?) requires some css file in PUBLIC_URLS. Figured I'd start on the manual @login_required for now to get some hands-on experience first.

I might *bump* this message again later.

Regards,

Gerard.

Sam Lai wrote:
> 2009/8/21 Gerard <lijss...@gp-net.nl>:
>> Hi All,
>>
>> I'm working on an invoice system, currently deployed the single user version
>> in house. Next one is gonna be a full blown multi user setup. Having
>> fairly good knowledge of security, I was wondering what would be best
>> practice in Django for data separation. So user A only sees his customer
>> data and not the data from user B.
>>
>> Some side notes:
>> - Since there's a good auth system in Django I would like to take full
>> advantage of that.
>> - User session info will be used so all app users see the same url. Thus not
>> http://example.com/userid/customers but http://example.com/customers
>> - Fixating security on record level, seems error prone, coding wise
>> - Fixating on database seems badly manageable in the long run, since there
>> will be a lot of users, but not an incredible amount of data per user.
>>
>
> Interesting stuff; I'm interested in knowing what the best practices are too.
>
> One thing I'm considering doing is overriding the default manager in
> each model so that the current user is considered when making queries.
> This makes it harder for you to accidentally return all users' data in
> the view.
>
> Of course, you can still have the default manager in the model; just
> name it something else so you have to consciously use it.
>
>

--
self.url = www.gerardjp.com