Reputation: 671
Exposing View in Django-Python to delete items
I'm a newbie in Django-Python, i'm writing a view that expose a method to delete an order by a certain given id, but i'm not sure about the security level of this view, i mean, if a malicious user want to delete an order (or a certain number of orders ) it's able to do it without any problem...
So, i'm struggling in how to organize the view in order to make it callable from the client with the proper security level...
Thanks.
Upvotes: 0
Views: 38
Answers (1)
Reputation: 43320
You essentially need to provide a decorator to your function based view or mixin to your class based view depending on what you're using.
There are different options depending on what suits your needs
- Login required (obvious)
- Permission required (user must have specific permission)
- User Passes test (given user must satisfy a given requirement)
- Custom (your own decorator to do custom things)
All of these will give you the chance to redirect a user, stopping them from being able to use the view
Upvotes: 1
Related Questions
- What does the "yield" keyword do in Python?
- Convert bytes to a string in Python 3
- Does Python have a ternary conditional operator?
- What is the difference between @staticmethod and @classmethod in Python?
- How slicing in Python works
- How do I merge two dictionaries in a single expression in Python?
- What are metaclasses in Python?
- How can I delete a file or folder in Python?
- How do I get the current time in Python?
- Manually raising (throwing) an exception in Python