Thanks Frank!

Lots of great bed-time reading!!

Rich.


On 5/23/2013 2:32 PM, Frank Bieniek wrote:
Hi Richard,

How do you ( a ) get the system to call your "by user" query?
*a)* in your views you query manually - see below - organization_list

And ( b ) how do you get the system to send in the current "user"?
the magic is in the permalink.... *get_slugged_organization_documents_url*

in the delegation view you do some redirect, every organization has its own slug (model of organization):

----
from django.db.models import permalink
from django.http import HttpResponseRedirect

def organization_list(request):
    """
    Function checks implicitly if this user has more than one
    organization. If not forward to the organization absolute url
    if it is a partner admin go to the list page
    """
    qs = Organization.objects.by_user(request.user)
    if qs.count() == 1:
        # a normal partner-admin / user won't see a list of organizations
        slug = qs[0].slug
        return HttpResponseRedirect(get_slugged_organization_documents_url(slug))
    else:
        return organization_list_partner_admin(request)

def get_slugged_organization_documents_url(slug):
    return ('organization_documents', (), {'organization_slug': slug})
get_slugged_organization_documents_url = permalink(get_slugged_organization_documents_url)

urls.py:
urlpatterns = patterns('',
    # no organization selected, redirects to user organization
    url(r'^$', organization_list, name='organization_list'),
    # this one is the default url without any command, but users organization
    url(r'^(?P<organization_slug>[-\w]+)/', include(patterns('',
        url(r'^$', organization_documents, name='organization_default'),
    .....
... and in the organizations_documents you check that the request.user is member of the slugged organization...

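from django.core.exceptions import ObjectDoesNotExist
from django.http import HttpResponseForbidden

def organization_documents(request, organization_slug):
    # look the slug up only inside the organizations this user may see
    qs = Organization.objects.by_user(request.user)
    try:
        organization = qs.get(slug=organization_slug)
    except ObjectDoesNotExist:
        return HttpResponseForbidden('You are not allowed to....')
    ..... normal code here
.....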

hope this helps.
basically you have a slugged organization, and a delegation view - the delegation view does the magic.


here is another solution to your problem - class-based view mixins for multi account setups:
http://django-organizations.readthedocs.org

Welcome
Frank


Am 23.05.2013 03:46, schrieb Richard E. Cooke:
Frank!

You appear to have figured out what I spent most of today trying to figure out: How to get access to the current logged in user from INSIDE a custom data manager!

Can you clarify something in your code?

In your custom manager you define "by_user", which takes "user" as an input. But in your class you just name your custom data manager in place of the default "object" manager.

How do you ( a ) get the system to call your "by user" query? And ( b ) how do you get the system to send in the current "user"?

I was thinking there might be a link through the site.model reference Managers get. Or maybe a way to pull it from session, but I keep getting stuck on the fact this isn't a view, so it has no obvious access to a "request" object????

Thanks in advance!



On Monday, February 25, 2013 4:18:50 AM UTC-5, Frank Bieniek wrote:

    We achieved the second level auth, by tying an extended group to a
    company, all company members are part of this group, so we can leverage the
    normal auth mechanisms.

    Hope this gives you an idea.

    Thanks
    Frank

    from django.db import models

    class CompanyManager(models.Manager):
        filter_by_user_limit_field = None

        def by_user(self, user):
            """
            Extension for filtering organization objects (also related objects) by
            the groups of a user.
            Avoiding that a user can touch other organization objects. Superusers and
            Partner Administrators are able to see all organizations.
            """
            # if the user is not logged in - no data
            if not user.is_authenticated():
                return self.none()
            # TODO: optimization: would be nice to find a way to make
            # by_user chainable like .filter(), ...
            return self.limit_queryset_by_user(
                self.get_query_set(),
                user,
                self.model.filter_by_user_limit_field
            )

        @staticmethod
        def limit_queryset_by_user(qs, user, field_key):
            # is_superuser is a boolean attribute, not a queryset
            if user.is_superuser:
                return qs
            kwargs = {}
            if field_key and user.groups.count() > 0:
                kwargs[field_key] = [u['id'] for u in user.groups.values('id')]
            return qs.filter(**kwargs)

    And in the model

    class Company(ExtendedModel):
         name = models.CharField(max_length=64, unique=True)
         slug = models.SlugField(unique=True)
         is_active = models.BooleanField(null=False, blank=False, default=True)

         filter_by_user_limit_field = "organizationgroup__in"
         objects = CompanyManager()

    class CompanyGroup(Group):
         """
         User group of the Organization
         """
         organization = models.OneToOneField(Organization)


    Am 23.02.2013 17:00, schrieb Gabriel - Iulian Dumbrava:
    > How I would do it would be to have a special column (foreign
    > key) in each table (model) called Company (company_id) and change
    > all default managers to filter on company_id =
    > logged_in_user.company_id.
    >
    > In this way you are sure that users only see what belongs to
    > their company.
    >
    > You would have to pass the company_id to models, probably with
    > a middleware which gets it from the logged in user and saves it
    > somewhere.
    >
    > And you also have to save the default value of company_id to
    > each newly created entry in every table, probably from the same
    > source as above.
    >

--
You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.



--
You received this message because you are subscribed to a topic in the Google Groups "Django users" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-users/qlf_LOpWN60/unsubscribe?hl=en. To unsubscribe from this group and all its topics, send an email to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.




--


Regards,
Richard Cooke
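
Added example, not part of the original thread: a framework-free model of the `by_user` scoping and the slug view discussed above. In `limit_queryset_by_user` as posted, a logged-in user with no groups (or a model with no `filter_by_user_limit_field`) produces an empty `kwargs`, and `qs.filter(**{})` returns every organization; the fail-closed variant returns nothing instead. `User`, `Org`, `ORGS` and the `scope_*` functions are hypothetical stand-ins, not Django APIs.

```python
# Added example: framework-free model of the by_user scoping in this thread.
# User, Org, ORGS and the scope_* functions are hypothetical, not Django APIs.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    group_ids: frozenset = frozenset()
    is_authenticated: bool = True
    is_superuser: bool = False

@dataclass(frozen=True)
class Org:
    slug: str
    group_id: int  # the single group tied to this organization

# Constructed sample data: two tenants, each with its own group.
ORGS = (Org("acme", 1), Org("globex", 2))

def scope_as_posted(orgs, user, field_key="group_id__in"):
    """Same branches as limit_queryset_by_user: no groups -> empty filter."""
    if not user.is_authenticated:
        return []
    if user.is_superuser:
        return list(orgs)
    kwargs = {}
    if field_key and user.group_ids:
        kwargs[field_key] = user.group_ids
    # qs.filter(**{}) adds no restriction, so every row comes back.
    return [o for o in orgs if all(o.group_id in ids for ids in kwargs.values())]

def scope_fail_closed(orgs, user, field_key="group_id__in"):
    """Hardened variant: anything short of a positive group match yields nothing."""
    if not user.is_authenticated:
        return []
    if user.is_superuser:
        return list(orgs)
    if not field_key or not user.group_ids:
        return []
    return [o for o in orgs if o.group_id in user.group_ids]

def organization_documents(user, slug, scope=scope_fail_closed):
    """Model of the slug view: 200 only if the slug is inside the user's scope."""
    return 200 if any(o.slug == slug for o in scope(ORGS, user)) else 403

if __name__ == "__main__":
    nogroup = User("newbie")  # authenticated, not yet in any company group
    print(organization_documents(nogroup, "globex", scope_as_posted))    # 200
    print(organization_documents(nogroup, "globex", scope_fail_closed))  # 403
```

In the Django manager itself the equivalent change is to return `qs.none()` when `field_key` is unset or the user has no groups, before building `kwargs`.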
