permission_required_or_403 decorator on an 'Add or Edit'?
https://stackoverflow.com/questions/12918016
-
07-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
I have a typical django view setup for adding a new or editing a current 'book' model (through forms). This is of the nature:
def bookedit(request, bookid=None):
if bookid:
book = get_object_or_404(Book, pk=bookid)
else:
book = Book()
if request.method == 'POST':
<form handling code.....>
I now want to put a decorator on this to limit editing to the user who created the Book. Using django-guardian I have the following decorator to wrap the above code:
@permission_required_or_403('myapp.edit_book', (Book, 'id', 'bookid'))
This works okay in the scenario of editing Books already created, i.e. a 403 will be thrown if the user is not the creator. However, in adding a new book the bookid is empty and crashes the decorator code. Is there a good way to handle this scenario (without separating out the edit and add functions)?
Thanks, Gerry
해결책
I'm sorry but that's not possible. django-guardian is not build for that request. Anyways I recommend to create all CRUD-views (create, read, update, delete) on their own.
