CODEWITHSUNDEEP
pythondjango
Louis
Louis

Reputation: 370

Django Page Restriction (Admin and Members could be able to see it)

Thanks for your help

I got a question :

I want to make accessible only for two type of people: admin (ForeignKey) and friends (ManyToMany). All belongs to the same model.

The issue is user who belongs to friends are redirected to '/' and can not see the page

self.object.user -> user = models.ForeignKey(settings.AUTH_USER_MODEL,on_delete=models.CASCADE) self.object.friends -> friends = models.ManyToManyField(User,blank=True,related_name='friends_reservation')

def get(self,request,*args,**kwargs):
        self.object = self.get_object()
        if not (request.user == self.object.user or request.user == self.object.friends):
            return HttpResponseRedirect('/')

Edit :

def get(self,request,*args,**kwargs):
            self.object = self.get_object()
            if not (request.user == self.object.user or request.user in self.object.friends):
                return HttpResponseRedirect('/')

issue:

argument of type 'ManyRelatedManager' is not iterable

Upvotes: 0

Views: 42

Answers (2)

Beginner
Beginner

Reputation: 192

Make a change :)

def get(self,request,*args,**kwargs):
        self.object = self.get_object()
        if not (request.user == self.object.user or request.user in self.object.friends.all()):
            return HttpResponseRedirect('/')

Upvotes: 1

thlik
thlik

Reputation: 501

You should check if the user is within the current friends instance.

But you should see if what you have in self.object.friends is a queryset or not. Querysets are collections, so you can use in to check if an item belongs to it. Also, just to be careful, let's remove those parens:

def get(self,request,*args,**kwargs):
        self.object = self.get_object()
        if not request.user == self.object.user or request.user not in self.object.friends:
            return HttpResponseRedirect('/')

Upvotes: 1

Related Questions