On Thursday 09 March 2017 14:36:55 Antonis Christofides wrote: > Exactly, "if you remember to write a test". Unit tests can help, but > when you do the same kind of permissions checking 10 times in 10 > different places of the app, it's really hard to know that you failed > to check edge case XYZ.
This sounds more and more like you haven't got a good inheritance chain for your CBV's. Take a look at Django Guardian: it has a different method for fetching objects a user has access to. If you inject that in a class that overrides SingleObjectMixin.get_object() and it's counterpart MultipleObjectMixin.get_queryset(), you can setup an inheritance chain that does all the work for you. But without some code examples for those edge cases and their view inheritance, it's hard to predict and it may be comfy to have a 2nd line of defence at the manager level. -- Melvyn Sopacua -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2599535.PjUGXTrGZr%40devstation. For more options, visit https://groups.google.com/d/optout.
