Show different views based on user
27 views
Skip to first unread message
Rounak Jain
May 22, 2019, 8:39:23 PM5/22/19
to django...@googlegroups.com
I am new to Django. Below code returns objects created by the logged in user. If the user's role property has value 'super', then I want all the objects to be shown. If the user's role property is 'inter', then I want to show all objects except objects created by 'super'. Where is the right place to do this conditional querying?
Thanks
#views.py
class TaskViewSet(ModelViewSet):
serializer_class = TaskSerializer
def get_queryset(self):
return Task.objects.all().filter(created_by=self.request.user)
def perform_create(self, serializer):
serializer.save(created_by=self.request.user)
#serializers.py
class TaskSerializer(ModelSerializer):
class Meta:
model = Task
fields = ('id', 'name', 'status', 'created_by')
Thanks
#views.py
class TaskViewSet(ModelViewSet):
serializer_class = TaskSerializer
def get_queryset(self):
return Task.objects.all().filter(created_by=self.request.user)
def perform_create(self, serializer):
serializer.save(created_by=self.request.user)
#serializers.py
class TaskSerializer(ModelSerializer):
class Meta:
model = Task
fields = ('id', 'name', 'status', 'created_by')
Balaji Shetty
May 23, 2019, 9:17:50 AM5/23/19
to django...@googlegroups.com
HI
Consider this example and you may get the solution
Model name is Profile and in admin.py override this
def get_form(self, request, obj=None, **kwargs):
-------------------------------------------------------------
admin.py
from django.contrib.auth.models import User
class ProfileAdmin(admin.ModelAdmin):
class ProfileAdmin(admin.ModelAdmin):
def get_form(self, request, obj=None, **kwargs):
username = request.user.username # code to extract property
print (username)
if username == "dgp": #dgp is username
self.exclude = ("CaseAdvocate","CaseActionTaken", ) # "CaseAdvocate","CaseActionTaken",are column names
username = request.user.username # code to extract property
print (username)
if username == "dgp": #dgp is username
self.exclude = ("CaseAdvocate","CaseActionTaken", ) # "CaseAdvocate","CaseActionTaken",are column names
form = super(ProfileAdmin, self).get_form(request, obj, **kwargs)
return form
else:
form = super(ProfileAdmin, self).get_form(request, obj, **kwargs)
return form
return form
else:
form = super(ProfileAdmin, self).get_form(request, obj, **kwargs)
return form
------------------------------------------------
Replace dgp with your own username and write the query.
Here i am excluding "CaseAdvocate","CaseActionTaken" Columns in display for "dgp" user
and showing all colums to other user
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CANNuxWPeGAgGEikRkoYgdp%3Dse9W0MBVxsLwac1W_BJw0%3DtmGOg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
Mr. Shetty Balaji S.
Asst. Professor
Department of Information Technology,
Asst. Professor
Department of Information Technology,
SGGS Institute of Engineering & Technology, Vishnupuri, Nanded.MH.India
Official: bssh...@sggs.ac.in
Mobile: +91-9270696267
Enderson Menezes
May 23, 2019, 9:18:57 AM5/23/19
to Django users
From what I've seen you're using a Django Filters framework or REST Framework, if so, in my opinion I would develop two API's and control their access to the constraints which would make them secure. One of these apis would make one general query and the other specific.
Reply all
Reply to author
Forward
0 new messages