CODEWITHSUNDEEP
djangoauthenticationdjango-models
user479053
user479053

Reputation:

Django private messages for authenticated users

I've just read http://docs.djangoproject.com/en/dev/topics/auth/?from=olddocs (using django 1.2) & http://www.b-list.org/weblog/2006/jun/06/django-tips-extending-user-model/

I'm trying to create an inbox for my users where they could recieve private messages from other users, or potentially non-users via forms on the site. My question is, what is the best way to store these messages securely?

Should I extend the UserProfile (as demonstrated on b-list) & include a ForeignKey to a 'Messages' model? If so, how would I disable access to Messages unless its through UserProfile (I know I could do this in the view, but can I 'turn off' a model to only work through UserProfile) ? Or any other ideas, much appreciated!

Adam

Upvotes: 0

Views: 951

Answers (2)

Daniel Roseman
Daniel Roseman

Reputation: 599630

I don't know why you think that you need to do anything. Users don't have access to run random code on your system, so there's no way for them to access another user's messages unless you specifically provide them a way to do so.

(And Béres is correct that the FK should be from Message to User.)

Upvotes: 0

Botond Béres
Botond Béres

Reputation: 16673

UserProfile -> Message does not make much sense, it should be Message -> User

You should have a look at http://code.google.com/p/django-messages/ for a concrete implementation (although looks like it hasn't been updated in a while).

For example there they have:

class Message(models.Model):
    """
    A private message from user to user
    """
    sender = models.ForeignKey(User, related_name='sent_messages', verbose_name=_("Sender"))
    recipient = models.ForeignKey(User, related_name='received_messages', null=True, blank=True, verbose_name=_("Recipient"))

Upvotes: 2

Related Questions