Thanks, It works. Also, other people are able to access the draft posts
detail view through URL. I thought of a solution that I will provide only
the list of drafts and if the user clicks on it will take to the edit page
of that post. But I am not able to implement this thing.
On Monday, June 24, 2019 at 8:39:26 PM UTC+5:30, Aldian Fazrihady wrote:
>
> I would implement get_queryset method that filter blog post by
> author=self.request.user
>
> Regards,
>
> Aldian Fazrihady
>
> On Sun, 23 Jun 2019, 20:55 Gaurav Sahu, <gaurav...@gmail.com <javascript:>>
> wrote:
>
>> Hy, I am developing a Django Blog application. In this application, I
>> have a PostEdit view to edit the post, Delete post view to delete the post.
>> These operations can only be performed by the user who has created that
>> post. I used Delete view as a functional view and edit view as CBV. Now
>> what is happening is that any user is able to delete or edit the others
>> post through URL. In my delete post view since it is a functional based
>> view, I have used if condition to prevent another user to prevent deleting
>> someone else post. But since for post edit, I am using CBV, I am not able
>> to find a way to prevent a user from editing someone else's post.
>> So how can I prevent doing another user to edit someone else post?
>>
>>
>> class PostUpdateView(LoginRequiredMixin ,UpdateView):
>> model = Post
>> template_name = 'blog/post_form.html'
>> form_class = PostForm
>>
>> def get_context_data(self, **kwargs):
>> context = super().get_context_data(**kwargs)
>> context['title'] = 'Update'
>> return context
>>
>> def form_valid(self, form):
>> form.instance.author = self.request.user
>> form.save()
>> return super().form_valid(form)
>>
>>
>> @login_required
>> def post_delete(request, slug):
>> post = get_object_or_404(Post, slug=slug)
>> if (request.user == post.author):
>> post.delete()
>> return redirect('blog:post_list')
>> else:
>> return redirect('blog:post_detail', slug=slug)
>>
>>
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django...@googlegroups.com <javascript:>.
>> To post to this group, send email to django...@googlegroups.com
>> <javascript:>.
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-users/9b38d4e0-a30a-43ed-9af6-6c9ac545024f%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/django-users/9b38d4e0-a30a-43ed-9af6-6c9ac545024f%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/efb6c007-9aaa-48aa-af6e-2f18f0dff523%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
