On Thu, Nov 19, 2009 at 4:36 PM, Preston Holmes <pres...@ptone.com> wrote:
> There are some details left out of how you want this to look.
>
> The lower the level you try to make an object self protecting, the
> trickier it's going to be.
>
> The sweet spot I think here is a custom manager that adds a protect
> filter, and perhaps a subclass of ModelForm if you need this in
> forms.  The custom manager method would take a user obj as a
> parameter, then loop through the objects in the queryset and modify
> protected fields as needed.
>
> http://www.djangoproject.com/documentation/models/custom%5Fmanagers/
> http://www.djangosnippets.org/snippets/562/

Thanks for the links! These got me thinking along a line of thought,
and I came up with something like:

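from django.db import models

class MyModel(models.Model):
    ...
    def __getattribute__(self, item):
        # Intercept every attribute read; mask the protected field.
        if item == "fieldname":
            return "XXXX"
        else:
            # Defer to the normal lookup for everything else.
            return super(MyModel, self).__getattribute__(item)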

In the getattribute method, I can check some conditions (i.e., to see if
the user is logged in), and provide my own data if not. This way, I
can write my django code and never have to worry that the value of
fieldname will ever accidentally not be protected as this is the only
way to get it.

See any problems with this (other than taking a small hit on every
field access)?

-Doug

> On Nov 18, 4:17 pm, Doug Blank <doug.bl...@gmail.com> wrote:
>> Django users,
>>
>> I have data that needs to be handled in two different manners,
>> depending on if the user has certain permissions or not. For example,
>> if a record is marked "private" and a user is not permitted, I want to
>> substitute the word "PROTECTED" for a particular field's value.
>>
>> Now, of course I realize that each and every place I refer to
>> table.fieldname I could wrap a protection around that, either in my
>> Python code, or in my templates.
>>
>> What I'm really looking for is something closer to the model code so
>> that I can be assured that no private data accidentally slips out.
>> Does Django have any built in support that does this, or could be
>> adapted to do this?
>>
>> Any ideas appreciated!
>>
>> -Doug
>
> --
>
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=.
>
>
>
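
An added example, not part of the original thread: it checks which read paths a `__getattribute__` mask like the one above actually covers, and shows an explicit per-viewer redaction step as an alternative. `Record` is a plain-Python stand-in for the model so the block runs without Django; the `viewer_permitted` flag and the helper names are assumptions.

```python
# Added example. "fieldname" and "private" follow the thread; everything else
# (Record, viewer_permitted, helper names) is hypothetical.
import copy

class Record:
    PROTECTED = frozenset({"fieldname"})

    def __init__(self, fieldname, private, viewer_permitted=False):
        self.fieldname = fieldname
        self.private = private
        self.viewer_permitted = viewer_permitted

    def __getattribute__(self, item):
        raw = super().__getattribute__
        if item in raw("PROTECTED") and raw("private") and not raw("viewer_permitted"):
            return "PROTECTED"
        return raw(item)


def read_paths(rec):
    """Return what each access path yields for the protected field."""
    return {
        "attribute": rec.fieldname,                    # goes through the hook
        "getattr": getattr(rec, "fieldname"),          # goes through the hook
        "instance __dict__": vars(rec)["fieldname"],   # hook only sees "__dict__"
        "object.__getattribute__": object.__getattribute__(rec, "fieldname"),
        "copied state": vars(copy.copy(rec))["fieldname"],
    }


def unmasked_paths(rec, secret):
    """Names of the access paths that still expose the stored value."""
    return sorted(n for n, v in read_paths(rec).items() if v == secret)


def redacted_view(rec, viewer_permitted):
    """Explicit alternative: build the outgoing data once, per viewer."""
    state = dict(vars(rec))
    state.pop("viewer_permitted", None)
    if state["private"] and not viewer_permitted:
        for name in Record.PROTECTED:
            state[name] = "PROTECTED"
    return state
```

In Django itself, `QuerySet.values()` and `values_list()` return dicts and tuples built from the row without constructing model instances, so an instance-level hook never runs for them. A test that calls something like `unmasked_paths` over every output path is one way to confirm the mask holds where data leaves the application.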
