Hi guys and gals, this is my first post to django-users. My problem: I need to filter a QuerySet, possibly using a Manager but I'm lost at how to do it. For example: class Special(models.Model): PERMS = (('by user', 'restrict to only allowed users'), ('anyone', 'no restrictions)) [.. model definition ] When the application tries to access the Special object via Special.objects.filter() it needs to check the current User object to see if they're allowed to access the object, and only to return a QuerySet that contains objects they're allowed to access (it will be mixed, IE: 3 out of maybe 10 that specific user will be allowed to access). I'm not apposed to writing a manager that introduces a method, something like Special.custom_manager.safe_filter(request) and I realize I'd have to pass it a request object no matter what. But how would I filter a QuerySet based on the PERMS information? If I haven't explained that clearly (very possible), here is the basic work flow I'm trying to achieve: [User Accesses Listing]-->[Query database and only return objects which said user is allowed to access]-->[Display Listing] The reason I'm trying to write a manager is because I have several different model types, but need them to behave similarly (with exactly the same PERMs list). You know, DRY. ;-) Thanks, Sam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [hidden email] To unsubscribe from this group, send email to [hidden email] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~--- |
The biggest reason I want to filter it here, in the Model level, is so I can still slice and chain filters, like normal QuerySets, and the permissions will be transparently taken care of. Thanks again, Sam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [hidden email] To unsubscribe from this group, send email to [hidden email] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~--- |
In reply to this post by Sam Sutch
Here, hopefully this can explain it better (a little more specific, but maybe that'll help): select all entries where: if the user is the owner or a writer of the blog, the private posts if the user is registered, the protected posts if the user is a member of the owner's friends network, the restricted posts if the user is a anonymous, the public posts Thanks again (again), Sam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [hidden email] To unsubscribe from this group, send email to [hidden email] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~--- |
In reply to this post by Sam Sutch
On Wed, 2006-10-11 at 23:27 +0000, samuraisam wrote: > Hi guys and gals, this is my first post to django-users. > > My problem: I need to filter a QuerySet, possibly using a Manager but > I'm lost at how to do it. For example: > > class Special(models.Model): > PERMS = (('by user', 'restrict to only allowed users'), ('anyone', > 'no restrictions)) > [.. model definition ] > > When the application tries to access the Special object via > Special.objects.filter() it needs to check the current User object to > see if they're allowed to access the object, and only to return a > QuerySet that contains objects they're allowed to access (it will be > mixed, IE: 3 out of maybe 10 that specific user will be allowed to > access). > > I'm not apposed to writing a manager that introduces a method, > something like Special.custom_manager.safe_filter(request) and I > realize I'd have to pass it a request object no matter what. But how > would I filter a QuerySet based on the PERMS information? Ignore the custom manage part for a moment and work out how you would do the filtering if you had to write the QuerySet by hand each time. That is going to depend completely on the model you have and what fields are restricted by permissions, etc, so you're going to have to work that out yourself. Once you know how to write the queryset by hand, your safe_filter() method will simply construct the same queryset and return it. Callers of that function can then append their own filters and restrictions to the result (it will still be a queryset) and do whatever they like. Regards, Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [hidden email] To unsubscribe from this group, send email to [hidden email] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~--- |
Thanks, Malcom. I think I figured out what I need to do: if request.user.is_anonymous(): return posts which are marked "public" (easy) if request.user.is_logged_in(or whatever the method is): return posts which are marked "protected" (easy) also return posts which are marked "restricted" (not so easy, needs to check through a reference) author__friends__contains=current_user also need to return posts which are marked "private" (fairly easy...) author__exact=current_user I think I should be able to select then .filter().filter().filter() O.o -Sam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [hidden email] To unsubscribe from this group, send email to [hidden email] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~--- |
Another question: how can I check if a related field contains something? Thanks, Sam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [hidden email] To unsubscribe from this group, send email to [hidden email] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~--- |
Free forum by Nabble | Edit this page |