Greetings, In a Web app, users can create categories for their data. Categories are stored in a model as (PK, user, name, description). I want users to be able to edit categories that belong to them using a formset. To display a subset of the fields is simple, I just use the queryset parameter. How do I make sure users can only edit their own categories?
So far I’m using a hack to this effect:
post = dict(request.POST.items())
for i in range(int(post["form-TOTAL_FORMS"])):
if post["form-%d-name" % i] != "":
post["form-%d-user" % i] = request.user.pk
with a check that the IDs mentioned actually belong to the current user’s
category.
Of course, the actual fields could have been anything, not just categories and
users. In general, I want the formset to operate on a subset of the table,
making sure all operations are within that subset, and that fields not
editable by users (the “user” field in my case) are correctly populated for
newly created records. How does one do that in Django?
--
TIA
Roman.
smime.p7s
Description: S/MIME cryptographic signature
