Sorry, one more thing: the above filters my querysets, but then comes the get() method on each model. I use URLs with pks, so a user could just try to change the URL to a pk that does not belong to them and view it. To filter this out I run yet another function:

    from django.conf import settings
    from django.shortcuts import get_object_or_404

    def relation_branch_validation(request, relation):
        # Reject objects that belong to a branch other than the user's.
        if settings.DO_BRANCH_FILTER:
            if relation.branch.id != request.userBranchID:
                raise InvalidBranchException(
                    '%s is requesting data for relation %s. Request from %s'
                    % (request.user.username, unicode(relation), request.view_name))

    def aview(request, obj_id):
        relation = get_object_or_404(Relation, pk=obj_id)
        relation_branch_validation(request, relation)

It is really no fun adding these functions to each view, and I tell you there are a lot of views. :)
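
One way to centralize the per-object check described in the message above, shown as an added example that is not part of the original post: a decorator loads the object and compares its branch before the view body runs, so each view no longer repeats the call. It is framework-free so it runs stand-alone; `branch_scoped`, `NotFound`, `Request`, `Relation`, `branch_id`, `username` and the `RELATIONS` data are constructed stand-ins for Django's request, model and `Http404`.

```python
import functools

DO_BRANCH_FILTER = True  # stand-in for settings.DO_BRANCH_FILTER

class InvalidBranchException(Exception):
    """A user asked for an object that belongs to another branch."""

class NotFound(Exception):
    """Stand-in for Django's Http404."""

def branch_scoped(lookup):
    """Load the object and check its branch before the view body runs.

    lookup(pk) returns the object or None. The view receives the checked
    object instead of the raw pk, so it cannot forget the check.
    """
    def decorator(view):
        @functools.wraps(view)
        def wrapper(request, obj_id, *args, **kwargs):
            obj = lookup(obj_id)
            if obj is None:
                raise NotFound(obj_id)
            if DO_BRANCH_FILTER and obj.branch_id != request.userBranchID:
                raise InvalidBranchException(
                    "%s is requesting data for %r. Request from %s"
                    % (request.username, obj, view.__name__))
            return view(request, obj, *args, **kwargs)
        return wrapper
    return decorator

# Constructed stand-ins for the request and the Relation model.
class Request:
    def __init__(self, username, branch_id):
        self.username, self.userBranchID = username, branch_id

class Relation:
    def __init__(self, pk, branch_id):
        self.pk, self.branch_id = pk, branch_id
    def __repr__(self):
        return "Relation(pk=%d)" % self.pk

RELATIONS = {1: Relation(1, 10), 2: Relation(2, 20)}  # constructed data

@branch_scoped(RELATIONS.get)
def aview(request, relation):
    return "showing %r" % relation

if __name__ == "__main__":
    print(aview(Request("alice", 10), 1))
```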