Re: How to allow user only update who belong to that post ?
Just try out the lines below if request.user.is_authenticated: user = request.user if (post.author.username == user): # your code here else: # show yor error that you cannot edit other user's post else: return redirect ("/") On Thu, Apr 7, 2022, 23:14 Kasper Laudrup wrote: > On 07/04/2022 09.57, OG TV wrote: > > Hello everybody Please kindly help me out for my Django project I try to > > update the post from the specific admin but even i'm not belong to that > > post but i'm still can update that post so the point is I want to allow > > user can only update the post who belong to that post I meant who own > > that post . > > > > Reading this would be a good start if you want someone to help you: > > https://www.clearvoice.com/blog/how-to-use-punctuation/ > > Kind regards, > > Kasper Laudrup > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/92e69ee7-9b17-f54c-f30c-aa9dd390228c%40stacktrace.dk > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAF7qQgB3RsoE8_a-UWkMcdBfU2UUHEx%3D9bhyKEoU5AkbbGGEYg%40mail.gmail.com.
Re: How to allow user only update who belong to that post ?
On 07/04/2022 09.57, OG TV wrote: Hello everybody Please kindly help me out for my Django project I try to update the post from the specific admin but even i'm not belong to that post but i'm still can update that post so the point is I want to allow user can only update the post who belong to that post I meant who own that post . Reading this would be a good start if you want someone to help you: https://www.clearvoice.com/blog/how-to-use-punctuation/ Kind regards, Kasper Laudrup -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/92e69ee7-9b17-f54c-f30c-aa9dd390228c%40stacktrace.dk. OpenPGP_0xE5D9CAC64AAA55EB.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: How to allow user only update who belong to that post ?
Oh sorry this example is for DRF On Thursday, 7 April 2022 at 21:26:23 UTC+8 John Dollosa wrote: > Hello! > > I have a similar requirement from my project and heres what I did. > > 1. First you need to create a permissions.py file which contains a class > > Here is a sample code snippet. > > class UpdateOwnPost(permissions.BasePermission): > """Allow user to edit their own project""" > def has_object_permission(self, request, view, obj): > """If method belongs to SAFE METHODS like GET or PATCH always return > True which allows the permission > if request.method in permissions.SAFE_METHODS: >return True > >"""Here is when you do the filtering on your object model""" > return obj.user.id == request.user.id > > 2. Then on your views.py file use that permission class on the > *permission_classes* on your *Viewset*. > > class PostViewSet(viewsets.ModelViewSet): > """Post viewset""" > authentication_classes = (TokenAuthentication,) > serializer_class = serializers.ProjectSerializer > > permission_classes = ( > permissions.UpdateOwnPost, > IsAuthenticated, > ) > > Hope this helps. > > On Thursday, 7 April 2022 at 20:20:31 UTC+8 phans...@gmail.com wrote: > >> Hello everybody Please kindly help me out for my Django project I try to >> update the post from the specific admin but even i'm not belong to that >> post but i'm still can update that post so the point is I want to allow >> user can only update the post who belong to that post I meant who own that >> post . > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c05a8f77-d414-4f56-ace7-51a490163868n%40googlegroups.com.
Re: How to allow user only update who belong to that post ?
Hello! I have a similar requirement from my project and heres what I did. 1. First you need to create a permissions.py file which contains a class Here is a sample code snippet. class UpdateOwnPost(permissions.BasePermission): """Allow user to edit their own project""" def has_object_permission(self, request, view, obj): """If method belongs to SAFE METHODS like GET or PATCH always return True which allows the permission if request.method in permissions.SAFE_METHODS: return True """Here is when you do the filtering on your object model""" return obj.user.id == request.user.id 2. Then on your views.py file use that permission class on the *permission_classes* on your *Viewset*. class PostViewSet(viewsets.ModelViewSet): """Post viewset""" authentication_classes = (TokenAuthentication,) serializer_class = serializers.ProjectSerializer permission_classes = ( permissions.UpdateOwnPost, IsAuthenticated, ) Hope this helps. On Thursday, 7 April 2022 at 20:20:31 UTC+8 phans...@gmail.com wrote: > Hello everybody Please kindly help me out for my Django project I try to > update the post from the specific admin but even i'm not belong to that > post but i'm still can update that post so the point is I want to allow > user can only update the post who belong to that post I meant who own that > post . -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/6ed1630b-8ee3-4a44-ab76-e3b7fc12ba4bn%40googlegroups.com.
How to allow user only update who belong to that post ?
Hello everybody Please kindly help me out for my Django project I try to update the post from the specific admin but even i'm not belong to that post but i'm still can update that post so the point is I want to allow user can only update the post who belong to that post I meant who own that post . -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ab411e78-a60e-450d-a9cb-a2d1a79cab40n%40googlegroups.com.
Re: TypeError: Cannot call delete() after .distinct() in the Admin
Sorry - just found it in the docs M On 7/04/2022 5:05 pm, Mike Dewhirst wrote: How can I remove the 'Delete' option from Django Admin actions? Many thanks Mike -- Signed email is an absolute defence against phishing. This email has been signed with my private key. If you import my public key you can automatically decrypt my signature and be sure it came from me. Just ask and I'll send it to you. Your email software can handle signing. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/caa68eb7-f56c-4ca9-36c8-86ccf8c17f91%40dewhirst.com.au. OpenPGP_signature Description: OpenPGP digital signature
TypeError: Cannot call delete() after .distinct() in the Admin
How can I remove the 'Delete' option from Django Admin actions? Many thanks Mike -- Signed email is an absolute defence against phishing. This email has been signed with my private key. If you import my public key you can automatically decrypt my signature and be sure it came from me. Just ask and I'll send it to you. Your email software can handle signing. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d51ac9f7-a46b-61ed-1406-184c5e95b108%40dewhirst.com.au. OpenPGP_signature Description: OpenPGP digital signature