On Tuesday 20 October 2009 11:47:51 Михаил Лукин wrote:
> Next, we don't want 'edit' and 'change status' links to always appear on
> task detail page, so we pass 'can_edit' and 'can_change_status' flags to
> the template. But we never trust the browser, so in views 'task_edit' and
> 'task_change_status' before displaying or processing the forms we check
> AGAIN if requester has such permissions:
>

For the record, if you're talking about testing permissions with the Django template language (i.e. {% ifequal user.permission 'can_edit' %} do something {% endifequal %}), this is still done server side. The only thing going to the client side is the actual HTML that the templating language is generating after evaluating the template language.

>
> What is your best practice in such situations?
>

I concur with a custom tag.

Mike

--
Everyone's in a high place when you're on your knees.
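The pattern discussed in this thread, as an added example that is not part of the original messages: a framework-free Python sketch (not Django code) in which the flags only decide which links are rendered server side, while the `task_edit` and `task_change_status` views check the permission again before acting. The `User` and `Task` classes, `render_task_detail`, the URL paths and the sample data are hypothetical.

```python
from dataclasses import dataclass, field
from html import escape


@dataclass
class User:  # hypothetical stand-in for the framework's user object
    name: str
    perms: set = field(default_factory=set)

    def has_perm(self, perm):
        return perm in self.perms


@dataclass
class Task:  # hypothetical task model
    id: int
    title: str
    status: str = "open"


def render_task_detail(user, task):
    """Rendering happens on the server; the flags decide which links are emitted."""
    can_edit = user.has_perm("can_edit")
    can_change_status = user.has_perm("can_change_status")
    html = [f"<h1>{escape(task.title)}</h1>", f"<p>Status: {escape(task.status)}</p>"]
    if can_edit:
        html.append(f'<a href="/task/{task.id}/edit/">edit</a>')
    if can_change_status:
        html.append(f'<a href="/task/{task.id}/status/">change status</a>')
    return "\n".join(html)


def task_edit(user, task, form):
    """Check again: omitting the link does not protect the URL behind it."""
    if not user.has_perm("can_edit"):
        return 403, "Forbidden"
    task.title = form["title"]
    return 200, "saved"


def task_change_status(user, task, form):
    """Same re-check for the status form."""
    if not user.has_perm("can_change_status"):
        return 403, "Forbidden"
    task.status = form["status"]
    return 200, "saved"


# Constructed sample data
viewer = User("viewer")
editor = User("editor", {"can_edit"})
task = Task(1, "Write report")
```
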