Force sending a user to custom QuerySet.

Posted by Jack M. on Stack Overflow See other posts from Stack Overflow or by Jack M.
Published on 2010-04-09T17:33:04Z Indexed on 2010/04/09 18:13 UTC
Read the original article Hit count: 255

Filed under:

django

|

django-models

I'm trying to secure an application so that users can only see objects which are assigned to them. I've got a custom QuerySet which works for this, but I'm trying to find a way to force the use of this additional functionality. Here is my Model:

class Inquiry(models.Model):   
    ts = models.DateTimeField(auto_now_add=True)
    assigned_to_user = models.ForeignKey(User,
            blank=True,
            null=True,
            related_name="assigned_inquiries")
    objects = CustomQuerySetManager()
    class QuerySet(QuerySet):
        def for_user(self, user):       
            return self.filter(assigned_to_user=user)

(The CustomQuerySetManager is documented over here, if it is important.)

I'm trying to force everything to use this filtering, so that other methods will raise an exception. For example:

Inquiry.objects.all() ## Should raise an exception.
Inquiry.objects.filter(pk=69) ## Should raise an exception.
Inquiry.objects.for_user(request.user).filter(pk=69) ## Should work.
inqs = Inquiry.objects.for_user(request.user) ## Should work.
inqs.filter(pk=69) ## Should work.

It seems to me that there should be a way to force the security of these objects by allowing only certain users to access them.

I am not concerned with how this might impact the admin interface.

© Stack Overflow or respective owner

Related posts about django

Overriding the save() method of a model that uses django-mptt

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been using django-mptt in my project for a while now, it's fabulous. Recently, I've found a need to override a model's save() method that uses mptt, and I'm getting an error when I try to save a new instance of that model: Exception Type: ValueError at /admin/scrivener/page/add/ Exception Value:… >>> More
Where is meta.local_fields set in django.db.models.base.py ?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm getting the error: Exception Value: (1110, "Column 'about' specified twice") As I was reviewing the Django error page, I noticed that the customizations the model User, seem to be appended to the List twice. This seems to be happening here in django/db/model/base.py in base_save(): values… >>> More
Deploying Django on EC2 using Bitnami Djangostack: WSGI script cannot be loadded

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been struggling to deploy Django application on Amazon EC2 using Bitnami Djangostack for the last couple of days. When I go to http://dewey.io I see the default bitnami page (/opt/bitnami/apache2/htdocs/index.html), however, when I open http://dewey.io/portnoy, I get 'Internal Server Error'… >>> More
Internal Server Error with mod_wsgi [django] on windows xp

as seen on Stack Overflow - Search for 'Stack Overflow'
when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order… >>> More
Internal Server Error with mod_wgsi [django] on windows xp

as seen on Stack Overflow - Search for 'Stack Overflow'
when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order… >>> More

Related posts about django-models

how to import csv data into django models

as seen on Stack Overflow - Search for 'Stack Overflow'
i have some csv data and i want to export into django models the example of csv data 1;"02-01-101101";"Worm Gear HRF 50";"Ratio 1 : 10";"input shaft, output shaft, direction A, color dark green"; 2;"02-01-101102";"Worm Gear HRF 50";"Ratio 1 : 20";"input shaft, output shaft, direction A, color dark… >>> More
Subclassed django models with integrated querysets

as seen on Stack Overflow - Search for 'Stack Overflow'
Like in this question, except I want to be able to have querysets that return a mixed body of objects: >>> Product.objects.all() [<SimpleProduct: ...>, <OtherProduct: ...>, <BlueProduct: ...>, ...] I figured out that I can't just set Product.Meta.abstract to true or otherwise… >>> More
List display names from django models

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an object: POP_CULTURE_TYPES = ( ('SG','Song'), ('MV', 'Movie'), ('GM', 'Game'), ('TV', 'TV'), ) class Pop_Culture(models.Model): name = models.CharField(max_length=30, unique=True) type = models.CharField(max_length=2, choices = POP_CULTURE_TYPES, blank=True,… >>> More
Best way to re-use the same django models and admin for multiple apps

as seen on Stack Overflow - Search for 'Stack Overflow'
Given a reference app ( called guide), how can I create additional apps that will reuse the same model/admin/views than guide - the motivation behind is to be able to individually control each subapp. guide guideApp1 exact same models/admin/views than guide guideApp2 exact same models/admin/views… >>> More
Generate unique hashes for django models

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to use unique hashes for each model rather than ids. I implemented the following function to use it across the board easily. import random,hashlib from base64 import urlsafe_b64encode def set_unique_random_value(model_object,field_name='hash_uuid',length=5,use_sha=True,urlencode=False): … >>> More