Sure Nikolas I will reconsider your solution.
In case I go for model inheritance then can I use the following solution to
load the class dynamically?
mod = __import__('mysite.departments', fromlist=[form.getDepartment()])
klass = getattr(mod, 'form.getDepartment()')
Thanks
Rohit Banga
http://iamrohitbanga.com/
On Fri, Sep 21, 2012 at 4:33 PM, Nikolas Stevenson-Molnar <
nik.mol...@consbio.org> wrote:
> I would still argue that the best solution is to use a robust permissions
> model which would preclude this. Wherever there is code, you invariably
> have the potential for security flaws. The more complicated you make that
> code, the more chances for mistakes. On the other hand, simpler code with
> well-defined methods for data access (e.g., maybe you never use
> MyModel.objects, but rather have a custom function for filtering objects
> based on permissions constraints; then you only have to ensure security in
> one place) make for fewer mistakes and a code base which is easier to
> maintain.
>
> _Nik
>
>
> On 9/21/2012 12:26 PM, Rohit Banga wrote:
>
>
> I don't want to filter rows by "userid" since one place we forget the
> filter in the code and there is an unauthorized data access.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
