I agree that hacking request.user is a bad idea here. Write a function for your view that returns data for a given user ID, then call it with the owner or visitor's ID. I would also have two separate views unless what the users are doing is very similar.
On Jan 2, 5:54 am, bruno desthuilliers <bruno.desthuilli...@gmail.com> wrote: > On 1 jan, 23:30, nbv4 <cp368...@ohio.edu> wrote: > > > > > I have a webapp that is accessed by the following urls (among others): > > > example.com/foobar-page-23 > > example.com/preferences > > example.com/barfoo > > > etc. > > > When these URL's are access, the page is displayed using data from the > > user who is logged in via request.user. > > > I also want it so the user can link others via: > > > example.com/share-34-gHy6GdY/foobar-page-23 > > example.com/share-34-gHy6GdY/barfoo > > > where 34 is the user_id and the stuff after the dash is just 34 ran > > through a sha1-type hash to provide some simple security. This page > > will display data as if request.user is user #34, except of course > > request.user.is_authenticated() will return false, and the widgets for > > changing data will be hidden in the template, and the navigation links > > will not display "preferences" and the link. > > > I'm just wondering whats the best way to go about this? Am I going to > > have to write code into each view that substitutes request.user with > > User(pk=34), or should I make a separate view for the sharing > > functionality that passes a modified 'request' object to the other > > view? How would 'yall django experts go about attacking this one? > > (looks like my previous answer got lost so I repost it) > > What you really have here is a "visitor" (request.user) and an > "owner" (here user #34) - which be the same user or not. So it might > be better to reflect this in your code instead of hacking > request.user. Then instead of testing whether request.user is > authenticated, you test if request.user == owner. wrt/ your urls/ > views, it's just a matter of making the user_id part optional, and > using request.user as owner if no user_id is provided. > > My 2 cents... --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
