I have several objects of the Model Foo(SelfPublishModel, models.Model) and a FooRouter(ModelRouter). The website is already running on an internal server and pushes the changed states of the Foo-objects to the users, but until now every logged-in user can see (e.g. via the DevTools in Chrome) the changes on every Foo-object. I want to change that, so only a subgroup of users, who have permission to do so, can view the updates on one Foo-object. For the static part this is already achieved via django-guardian. The documentation mentions using get_subsction_context(self, **kwargs) for this kind of problem, but it is kind of confusing. So how can I limit the user-access to each Foo-Object individually (preferably using the same permission rules from django-guardian). Should i use swampdragon-auth for this and how can I handle more than one user with it? My source-code looks like this:
# [models.py]
# ...
from swampdragon.models import SelfPublishModel
from .serializers import FooSerializer
class Foo(SelfPublishModel, models.Model):
class Meta: # for django-guardian
permissions = (
('view_permission', 'View permission'),
)
number = models.CharField(primary_key=True, max_length=6, blank=False)
# ...
name = models.CharField(max_length=100, default="some foo", blank=False)
# [router.py]
from swampdragon import route_handler
from swampdragon.route_handler import ModelPubRouter
from swampdragon.route_handler import ModelRouter, BaseRouter
from .serializers import FooSerializer
class FooRouter(ModelRouter):
serializer_class = FooSerializer
model = Foo
route_name = "foo-route"
def get_object(self, **kwargs):
return self.model.objects.get(pk=kwargs["pk"])
def get_query_set(self, **kwargs):
return self.model.objects.all()
route_handler.register(FooRouter)
# [serializers.py]
from swampdragon.serializers.model_serializer import ModelSerializer
# ...
class FooSerializer(ModelSerializer):
class Meta:
model = "app.Foo"
publish_fields = ("number", "name") # and others
# ...
Thanks in advance.
Edit: Im using django 1.8, django-guardian 1.3.1 and swampdragon 0.4.2.1
Nevermind. I figured it out. Wasn't that difficult after all. Now all i have is the "deleted"-Bug for updates in not subscibed channels, which should be fixed in 4.3.
I have several objects of the Model
Foo(SelfPublishModel, models.Model)
and aFooRouter(ModelRouter)
. The website is already running on an internal server and pushes the changed states of theFoo
-objects to the users, but until now every logged-in user can see (e.g. via the DevTools in Chrome) the changes on everyFoo
-object. I want to change that, so only a subgroup of users, who have permission to do so, can view the updates on one Foo-object. For the static part this is already achieved via django-guardian. The documentation mentions usingget_subsction_context(self, **kwargs)
for this kind of problem, but it is kind of confusing. So how can I limit the user-access to each Foo-Object individually (preferably using the same permission rules from django-guardian). Should i useswampdragon-auth
for this and how can I handle more than one user with it? My source-code looks like this:Thanks in advance. Edit: Im using
django 1.8
,django-guardian 1.3.1
andswampdragon 0.4.2.1