> hi people, I got a little question, how can I make some users add news > (model News), modify only news owned by him or even delete his news, not > others users news, but only admins can publish all of them?
http://www.djangoproject.com/documentation/authentication/#permissions The stock admin doesn't offer functionality to prevent a user from mucking with stuff they don't own, but you can write a custom view to handle it for you. Adding is distinct from modifying/deleting. For adding, you check whatever your condition is; for editing/deleting, you have an object that needs to have information regarding who created it. ADD = 'add' SAVE = 'save' DELETE = 'delete' @login_required dev view_news(request, id=None): if request.POST: action = request.POST.get('action', SAVE) if action == ADD and resquest.user.is_staff: # or whatever check you want... is_staff # or has_perm('news.can_add') pass # add the item else: item = get_object_or_404(News, id) if item.creator_id == request.user.id: if action == SAVE: pass # do save here elif action == DELETE: pass # do delete or delete-confirmation here else: raise WhatYouTalkinBoutWillisException else: return HttpResponseForbidden( "I'm sorry, Dave. You can't do that") return HttpResponseRedirect(wherever) else: if id: item = get_object_or_404(News, id) # show the form, populated with the item's data else: # show a blank form for them to add pass # do whatever you want here... -tim --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
