Django - How to deny the user to vote in his own objects?

Question

I'm new to Django and having some doubts on how to do this. I've installed an APP called Django-voting, https://github.com/jezdez/django-voting/

This APP allow the user to vote on is own objects. I need to deny this but not sure on how to do it. How can I know the owner of an object?

The code that I've to override is this view:

def vote_on_object(request, model, direction, post_vote_redirect=None,
    object_id=None, slug=None, slug_field=None, template_name=None,
    template_loader=loader, extra_context=None, context_processors=None,
    template_object_name='object', allow_xmlhttprequest=False):
    """
    Generic object vote function.

    The given template will be used to confirm the vote if this view is
    fetched using GET; vote registration will only be performed if this
    view is POSTed.

    If ``allow_xmlhttprequest`` is ``True`` and an XMLHttpRequest is
    detected by examining the ``HTTP_X_REQUESTED_WITH`` header, the
    ``xmlhttp_vote_on_object`` view will be used to process the
    request - this makes it trivial to implement voting via
    XMLHttpRequest with a fallback for users who don't have JavaScript
    enabled.

    Templates:``<app_label>/<model_name>_confirm_vote.html``
    Context:
    object
        The object being voted on.
    direction
        The type of vote which will be registered for the object.
    """
    if allow_xmlhttprequest and request.is_ajax():
    return xmlhttprequest_vote_on_object(request, model, direction,
                                         object_id=object_id, slug=slug,
                                         slug_field=slug_field)

    if extra_context is None:
    extra_context = {}
    if not request.user.is_authenticated():
    return redirect_to_login(request.path)

    try:
    vote = dict(VOTE_DIRECTIONS)[direction]
    except KeyError:
    raise AttributeError("'%s' is not a valid vote type." % direction)

    # Look up the object to be voted on
    lookup_kwargs = {}
    if object_id:
    lookup_kwargs['%s__exact' % model._meta.pk.name] = object_id
    elif slug and slug_field:
    lookup_kwargs['%s__exact' % slug_field] = slug
    else:
    raise AttributeError('Generic vote view must be called with either '
                         'object_id or slug and slug_field.')
    try:
    obj = model._default_manager.get(**lookup_kwargs)
    except ObjectDoesNotExist:
    raise Http404('No %s found for %s.' %
                  (model._meta.app_label, lookup_kwargs))

    if request.method == 'POST':
    if post_vote_redirect is not None:
        next = post_vote_redirect
    elif 'next' in request.REQUEST:
        next = request.REQUEST['next']
    elif hasattr(obj, 'get_absolute_url'):
        if callable(getattr(obj, 'get_absolute_url')):
            next = obj.get_absolute_url()
        else:
            next = obj.get_absolute_url
    else:
        raise AttributeError('Generic vote view must be called with either '
                             'post_vote_redirect, a "next" parameter in '
                             'the request, or the object being voted on '
                             'must define a get_absolute_url method or '
                             'property.')
    Vote.objects.record_vote(obj, request.user, vote)
    return HttpResponseRedirect(next)
    else:
    if not template_name:
        template_name = '%s/%s_confirm_vote.html' % (
            model._meta.app_label, model._meta.object_name.lower())
    t = template_loader.get_template(template_name)
    c = RequestContext(request, {
        template_object_name: obj,
        'direction': direction,
    }, context_processors)
    for key, value in extra_context.items():
        if callable(value):
            c[key] = value()
        else:
            c[key] = value
    response = HttpResponse(t.render(c))
    return response

I think I've to add some kind of verification here,

Vote.objects.record_vote(obj, request.user, vote)

Any clues on this subject?

Best Regards,

Answer 1

This app doesn't manage whether a user is owner or not of any object where he can make a vote, so you need to keep this control in each model who represents an entity able to be voted. For example, if you have a model A and you wish to know which user is owner of A you should have a user relation with the model A for tracking model owner users. We can represent this through an example:

from django.contrib.auth.models import User
from django.db import models
from django.contrib import messages

class A(models.Model):
    owner_user = models.ForeignKey(User)

so in any place on your code (in a view or in a verification method) you can do something like this:

# I will call `user_who_votes`  the user who is making the action of voting
# if you are in a view or have a `request` instance, you can access to its instance,
# as surely you already know, with `user_who_votes = request.user`, always checking  
# this user is authenticated (`if request.user.is_authenticated():`).
try:
    # Checking if the user who is voting is `A`'s owner,
    # if he is, so you can register a message and show it
    # to the user when you estimate (it is only an idea,
    # maybe you can have a better option, of course). 
    a = A.objects.get(owner_user=user_who_votes)
    messages.add_message(request, messages.ERROR, 'You can not vote on your own entities.'))
except A.DoesNotexist:
    # In this point you are sure at all that `user_who_votes`
    # isn't the owner of `A`, so this user can vote.
    Vote.objects.record_vote(a, user_who_votes, vote)

Hope this can help you.