0

I have next models:

class CategoryLesson(models.Model):
    title = models.CharField()


class Lesson(models.Model):
    title = models.CharField()
    category = models.ForeignKey(CategoryLesson)


class UserRole(models.Model):
    rolename = models.CharField()
    lessons = models.ForeignKey(CategoryLesson)
    group = models.ForeignKey(Group)


class SiteUser(models.Model):
    username = models.OneToOneField(User)
    roles = models.ManyToManyField(UserRole)

There are 3 categories, and no limit users. And i cant understand how limit access some SiteUser to some CategoryLesson & Lesson . Already watched django-guardian, and dont see some of the differences between this application and django generic has_perm for this case. Is really i should create 3 models for each category??

Improve this question

1 Answer 1

Reset to default
1

Here you have to set a check in GET request whether your user has permission to access the specific categorylesson. Lets assume that your url is like this: 192.168.0.1:8000/categorylessson/?cat_id=1. (I am using a class based view here.)

class CategoryLessonList(TemplateView):
    ...
    def get(self, request, *args, **kwargs):
        siteuser= SiteUser.objects.get(username=request.User)
        siteuser_roles= siteuser.roles.all()
        specific_category= CategoryLesson.objects.get(id= int(request.GET.get('cat_id')))
        for role in siteuser_roles:
           r_lessons=role.objects.filter(lessons= specific_category)
           if len(r_lessons)>0:
                return super(CategoryLessonList, self).get(request, *args, **kwargs)
        return redirect('/no-access')

PS: its an untested code.

Improve this answer
1

Not the answer you're looking for? Browse other questions tagged or ask your own question.