Where can I control the view of resolution mode in Django? In url (via shared views), template or view?
I have a basic permission system in which I am pretty strong in allowing hardcoding based on user.profile.user_type
where user.profile
equivalent user.get_profile()
.
For example, if user_type
is, say, 1
(property manager) then that user can view all work orders. A user_type
of 2
(tenant) means that the user can only view the work orders they have created.
I am currently just using a generic class in urls.py
like this
url(
r'^orders/$',
ListView.as_view(
model = Order,
template_name = 'doors/orders/list.html'
),
name = 'orders_list'
),
and hence I have no control over permissions at all.
So, to add a permission system, should I control it in the template like this:
{% for order in order_list %}
{% if request.user.profile.user_type == 1 %}
# Show every order
{{ order.pk }}
{% else %}
# Show only work orders created by that user
{% if order.creator == request.user.pk %}
{{ order.pk }}
{% endif %}
{% endif %}
{% endfor %}
I have a feeling that trying to filter inside a template is a waste of many SQL strokes, because no matter what the user_type
template is , the template will still force Django to call every work order. It's true?
Or should I control this in the view like this?
def orders_list( request ) :
if request.user.user_type == 1 :
order_list = Order.objects.all()
else :
order_list = Order.objects.filter( creator = request.user.pk )
dictionary = {
'order_list' : order_list,
}
return render( request, 'doors/orders/list.html', dictionary )
Obviously, if I try to control it internally views.py
, then I can no longer use generic views.
And finally, my third option would be to (somehow) manage it in the overall view of the class. I don't even know if this is possible. Maybe somehow with get_context_data
? I really like the simplicity of generics, but I'm not too familiar with more advanced OO concepts.
What do you guys suggest?
source to share