Testing for Membership Across Relations

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Testing for Membership Across Relations

Sam Sutch

Alright, so this is my third day with Django, and I am kind of stuck.

I'm trying to test for membership objects across relations in a lookup.
Hopefully that makes sense. O.o I'm using the basic User model. I have
a Friend model which makes two ForeignKeys to User:

class Friend(models.Model):
    user = models.ForeignKey(User)
    friend_of = models.ForeignKey(User, related_name='friends')
    class Admin:
    def __str__(self):
        return self.user.username

I want to use this model to limit access to certain rows/instances of
other models. I have four permission levels:

    (1, 'Everyone will be able to access this entity.'),
    (2, 'Only registered users will be able to access this entity.'),
    (3, 'Only your friends will be able to access this entity.'),
    (4, 'Only you will be able to access this entity.')

which I wish to use to limit access to rows/instances. For example, a
BlogEntry model (shown below), which has a IntegerField containing the
permission level set by the creator of the BlogEntry. When a user
visits a page, if the owner of the blog has certain entries set to
level 3 (viewable only by friends) I want it to show entries to logged
in users marked as friends, and hide the entries to those who aren't.
Anonymous users will only see entries marked as level 1, and only
logged in users will see entries marked level 2, so on, and so forth.

class ProjectEntry(models.Model):
    name = models.CharField(maxlength=200, blank=False)
    slug = models.SlugField(prepopulate_from=('name',))
    body = models.TextField(blank=False)
    created_on = models.DateTimeField(auto_now_add=True)
    modified_on = models.DateTimeField(auto_now=True)
    #project attached to
    project = models.ForeignKey(Project, related_name='entries')
    #authored by
    author = models.ForeignKey(User, related_name='entries')
    #status of entry [published, saved draft]
    status = models.CharField(maxlength=12, choices=STATUS_CHOICES)
    #permissions [public, private, protected, restricted]
    permissions = models.IntegerField(choices=PERMISSIONS)

I have this pretty much worked out. I will make a manager that view can
access via ProjectEntry.safe_objects that'll return QuerySets which can
then be paginated, etc... But I'm hitting one large stumbling block.
How can I test, for each entry, if, for entries marked with permission
level 3, the user's friend is requesting? Here is what I have thus far:

# this isn't in the manager yet
if user.is_anonymous():
    return ProjectEntry.objects.filter(permissions__lte=1)
if user.isnt_anonymous(): # :-P
    return ProjectEntry.objects.filter(permissions__lte=2).filter(
        author__friends__contains(user)) #this is where it doesn't work

Any help on this issue would be greatly appreciated!


You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users