Django's class based views (DetailView
, UpdateView
) default to using the pk
in the url as a named url group to determing which object to fetch, so judging by that i think it doesn't violate any practices by using the pk
in the url.
If you want a very memorable url you could create a slug and append the pk, while not perfectly optimal, would still be more memorable then a UUID
I also believe, your view should be validating whether the requesting user has the correct permissions to view the url, this should be independent of the actual url structure.