enforce security (permissions) on django comments
https://stackoverflow.com/questions/12753986
-
05-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
I'm using the standard django.contrib.comments app. However, for my app i need to enforce more granular permissions on posting and viewing comments. For instance, i only want certain people to view comments posted against a given object, and prevent others from posting comments against a given object. its enough to know the target object id and the current user to enforce the permissions.
my initial thought is to put a decorator around the comment urls, but since they are included i'm not quite sure how to do that.
(r'^comments/', include('django.contrib.comments.urls')),
i can break them up into the individual url's and add the decorator there (i.e. bring all the urls from django.contrib.comments.urls into myapp.urls) but that feels wrong.
any ideas on the best way to go?
المحلول
You can just override single urls, it is a common practice.
