Not that way anymore. I will just check (in the middleware) if the
requested entry's author is the logged in user (for edit action) if not
throw exception.
--
Adam Hoscilo
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Gro
Just curious -- so now you're going to tie your middleware to the
model? ;-)
The MV(C|T) police will come after you!
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, sen
You're right - my fault.
It just isn't the way I would like to handle this problem.
But I've forgotten about middleware and I think this will be the best
way to solve this _issue_ without breaking MVC(MVT) schema (just check
if the requested object was created by user).
--~--~-~--~~-
But Luke *is* proposing to do this in a manager. The middleware just
makes the current user available in the model/manager. (if you want it
to be)
Rather than a hack, the functionality that his middleware module
provides seems to me a missing part in a mostly very pragmatic
codebase, but I digres
But it's some kind of a hack that I don't want to have in my app.
It's easy to achieve this by get/filter in views - but manager would be
more secure(error-proof).
--
Adam Hoscilo
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Go
On Saturday 17 June 2006 10:50, Adam Hoscilo wrote:
> I would like to filter entries from a logged in user and give him/her
> the ability to edit them - it would be nice to ensure that scope by
> manager.
> As far as I know Models don't have access to request and session data
> (and I realize it'
6 matches
Mail list logo
