Filter QuerySet using Manager

Hi guys and gals, this is my first post to django-users.

My problem: I need to filter a QuerySet, possibly using a Manager but
I'm lost at how to do it. For example:

class Special(models.Model):
    PERMS = (('by user', 'restrict to only allowed users'), ('anyone',
'no restrictions))
    [.. model definition ]

When the application tries to access the Special object via
Special.objects.filter() it needs to check the current User object to
see if they're allowed to access the object, and only to return a
QuerySet that contains objects they're allowed to access (it will be
mixed, IE: 3 out of maybe 10 that specific user will be allowed to
access).

I'm not apposed to writing a manager that introduces a method,
something like Special.custom_manager.safe_filter(request) and I
realize I'd have to pass it a request object no matter what. But how
would I filter a QuerySet based on the PERMS information?

If I haven't explained that clearly (very possible), here is the basic
work flow I'm trying to achieve:

[User Accesses Listing]-->[Query database and only return objects which
said user is allowed to access]-->[Display Listing]

The reason I'm trying to write a manager is because I have several
different model types, but need them to behave similarly (with exactly
the same PERMs list). You know, DRY. ;-)

Thanks,
Sam


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---

The biggest reason I want to filter it here, in the Model level, is so
I can still slice and chain filters, like normal QuerySets, and the
permissions will be transparently taken care of.

Thanks again,
Sam


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---

Here, hopefully this can explain it better (a little more specific, but
maybe that'll help):

    select all entries where:
        if the user is the owner or a writer of the blog, the private
posts
        if the user is registered, the protected posts
        if the user is a member of the owner's friends network, the
restricted posts
        if the user is a anonymous, the public posts

Thanks again (again),
Sam


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---

On Wed, 2006-10-11 at 23:27 +0000, samuraisam wrote:
Ignore the custom manage part for a moment and work out how you would do
the filtering if you had to write the QuerySet by hand each time. That
is going to depend completely on the model you have and what fields are
restricted by permissions, etc, so you're going to have to work that out
yourself.

Once you know how to write the queryset by hand, your safe_filter()
method will simply construct the same queryset and return it. Callers of
that function can then append their own filters and restrictions to the
result (it will still be a queryset) and do whatever they like.

Regards,
Malcolm



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---

Thanks, Malcom.

I think I figured out what I need to do:

if request.user.is_anonymous():
  return posts which are marked "public" (easy)
if request.user.is_logged_in(or whatever the method is):
  return posts which are marked "protected" (easy)
  also return posts which are marked "restricted" (not so easy,
  needs to check through a reference)
author__friends__contains=current_user
  also need to return posts which are marked "private" (fairly easy...)
  author__exact=current_user

I think I should be able to select then .filter().filter().filter() O.o

-Sam


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---

Another question: how can I check if a related field contains
something?

Thanks,
Sam


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---