Reputation: 10604
Django: UpdateView restrict per user
I have a site where users can create and edit their own lists.
I'm using the generic view CreateView to allow users to create lists.
I would like to use the generic view UpdateView to allow them to edit the lists, but the login_required=True is not enough in this case, since only the list creator can edit his/her list.
2 questions:
1) is there any parameter that I can specify in the URLconf to add this restrictions?
2) can I impose the those generic views should only work with POST and not GET?
Thanks
Upvotes: 8
Views: 2830
Answers (2)
Reputation: 11561
You could override get_queryset on the UpdateView:
def get_queryset(self):
base_qs = super(YourListUpdateView, self).get_queryset()
return base_qs.filter(user=self.request.user)
Upvotes: 11
Reputation: 6323
1) you can write decorator and use it same way as login_required decorator, ie:
def user_permitted(function):
def decorator(function):
def _wrapped_view(request, *args, **kwargs):
# get obj from request
if obj.user != request.user:
return HttpResponseRedirect(reverse('forbidden'))
return function(request, *args, **kwargs)
return _wrapped_view
return decorator(function)
2) yes, see decorators and Decorating class-based views
Upvotes: 2
Related Questions
- Restricting all the views to authenticated users in Django
- Django writing generic update view restricted to certain user
- How to limit access to the UpdateView of an object to the creator of that object
- Restrict `UpdateView` dataset for authenticated user in Class Based Views
- Updateview does not restrict only to the id of the logged in user
- How to allow only one User to see "UpdateView"?
- Django Class Based View UpdateView Restricted User
- Restrict access to view for unique user in Django w/o providing username and password
- django UpdateView for auth_user
- How to restrict access to certain user to an UpdateView?