Hi all... I've added the following to my model:

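from google.appengine.ext import db

class User(db.Model):
    # Google account that signed in (a users.User value)
    GoogleAccount = db.UserProperty()
    LastLogin = db.DateTimeProperty(auto_now=True)

class Pet(db.Model):
    # Reference to the owning User entity; also exposes user.pets
    Owner = db.ReferenceProperty(User, collection_name='pets')
    PetName = db.StringProperty()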

My URLs are trying to look something like this:

/pets -> list view of all my pets
/pets/([0-9]+) -> single pet view

I've got the list working, but the single pet view is causing me
problems. The digits at the end of the URL are the id of the pet, and
I need to make sure when viewing the pet in question, it's the right
user trying to access it.

If I just do: pet=models.Pet.get_by_id(int(PetId)), anyone could hack
the URL and see the details of any pet.

I'm then trying to do something like this: if pet.Owner ==
users.get_current_user() but am not getting anywhere.

Is there a way to get the current_user into the models.Pet.get_by_id()
query as a parameter? Have I gone down the wrong path trying to use
the id in the URL (should I have used the key? - makes for an uglier
looking URL!)

Many thanks again,
Geoff



On 5 October 2010 23:15, Geoff Parkhurst <[email protected]> wrote:
> On 5 October 2010 22:30, Robert Kluin <[email protected]> wrote:
>> Are you saying that your query works, but it is returning a list
>> instead of a single instance?
>>
>> If maybe this is what you want?
>>
>>    user = User.all().filter('GoogleAccount', users.get_current_user()).get()
>>    if not user:
>>        # make a new user or something
>>        pass
>
> Many thanks Robert - works a treat.
> Regards,
> Geoff
>
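
The ownership check asked about above, as an added example that is not part of the original thread: pet.Owner dereferences to a User entity while users.get_current_user() returns an account object, so the comparison has to go through pet.Owner.GoogleAccount. The namedtuples, PETS, get_by_id and load_pet_for are assumptions standing in for the datastore models and the request handler.

```python
import re
from collections import namedtuple

# Constructed stand-ins so the check runs offline. In the app, Account is
# users.User and User/Pet are the db.Model classes from the post.
Account = namedtuple("Account", "email")
User = namedtuple("User", "GoogleAccount")
Pet = namedtuple("Pet", "Owner PetName")

alice = User(Account("alice@example.com"))
bob = User(Account("bob@example.com"))
PETS = {1: Pet(alice, "Rex"), 2: Pet(bob, "Tom")}  # constructed id -> entity


def get_by_id(pet_id):
    """Stand-in for models.Pet.get_by_id(); returns None when the id is absent."""
    return PETS.get(pet_id)


def load_pet_for(current_account, raw_id):
    """Return (http_status, pet) for GET /pets/<raw_id>.

    current_account stands for users.get_current_user(), None when signed out.
    """
    if current_account is None:
        return 401, None
    if not re.fullmatch(r"[0-9]+", raw_id):
        return 404, None
    pet = get_by_id(int(raw_id))
    # pet.Owner is a User entity, not an account, so compare the account stored
    # on it. A missing pet and someone else's pet both return 404, so the
    # response does not reveal which ids exist.
    if pet is None or pet.Owner is None:
        return 404, None
    if pet.Owner.GoogleAccount != current_account:
        return 404, None
    return 200, pet


if __name__ == "__main__":
    print(load_pet_for(alice.GoogleAccount, "1"))  # owner
    print(load_pet_for(bob.GoogleAccount, "1"))    # not the owner
```

Keeping the numeric id in the URL is fine as long as every handler that loads a Pet goes through a check like this before rendering.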
