Re: Is there a version of @login_required that requires the user to log in as a specific user?

On May 25, 3:41 am, Andy wrote: > > But how do I stop user A from trying to edit the profile of user B? You don't let them. You control which profile you get from and save to the database, right? You look at the request.user object and only manipulate the data associated with the user specified

Re: Is there a version of @login_required that requires the user to log in as a specific user?

Hi, On 25.05.2009, at 10:59, Mike Ramirez wrote: > On Monday 25 May 2009 01:41:31 am Andy wrote: > >> But how do I stop user A from trying to edit the profile of user B? > > in urls.py > > url(r'profile/(P)/', 'up.views.profile', name='profile') you don't need the user name in the url for edit

Re: Is there a version of @login_required that requires the user to log in as a specific user?

On May 25, 2009, at 4:41 PM, Andy wrote: > > > > On May 24, 9:54 pm, Brian Neal wrote: >> On May 24, 6:50 pm, Continuation wrote: >> >>> For example, I have a view edit_profile that edits a user's profile. >>> Obviously I want to make sure that each user can edit his own >>> profile >>> only

Re: Is there a version of @login_required that requires the user to log in as a specific user?

On Monday 25 May 2009 01:41:31 am Andy wrote: > But how do I stop user A from trying to edit the profile of user B? in urls.py url(r'profile/(P)/', 'up.views.profile', name='profile') in views.py def edit(request, username): profile = UserProfile.objects.get(username__exact=username) for

Re: Is there a version of @login_required that requires the user to log in as a specific user?

On May 24, 9:54 pm, Brian Neal wrote: > On May 24, 6:50 pm, Continuation wrote: > > > For example, I have a view edit_profile that edits a user's profile. > > Obviously I want to make sure that each user can edit his own profile > > only. > > > So before the profile of user A is being edited b

Re: Is there a version of @login_required that requires the user to log in as a specific user?

On May 24, 6:50 pm, Continuation wrote: > For example, I have a view edit_profile that edits a user's profile. > Obviously I want to make sure that each user can edit his own profile > only. > > So before the profile of user A is being edited by edit_profile, I > want to make sure the current use

Is there a version of @login_required that requires the user to log in as a specific user?

For example, I have a view edit_profile that edits a user's profile. Obviously I want to make sure that each user can edit his own profile only. So before the profile of user A is being edited by edit_profile, I want to make sure the current user is logged in as user A. Is there a decorator that