permission_required_or_403 decorator on an 'Add or Edit'?

Question

I have a typical django view setup for adding a new or editing a current 'book' model (through forms). This is of the nature:

def bookedit(request, bookid=None):
    if bookid:
        book = get_object_or_404(Book, pk=bookid)
    else: 
        book = Book()

    if request.method == 'POST':
        <form handling code.....>

I now want to put a decorator on this to limit editing to the user who created the Book. Using django-guardian I have the following decorator to wrap the above code:

@permission_required_or_403('myapp.edit_book', (Book, 'id', 'bookid'))

This works okay in the scenario of editing Books already created, i.e. a 403 will be thrown if the user is not the creator. However, in adding a new book the bookid is empty and crashes the decorator code. Is there a good way to handle this scenario (without separating out the edit and add functions)?

Thanks, Gerry

I'm sorry but that's not possible. django-guardian is not build for that request. Anyways I recommend to create all CRUD-views (create, read, update, delete) on their own. — Thomas Schwärzl, Oct 16 '12 at 16:10
Hi. Thanks. I've just separated out my add and edit views and things are working okay. I thought I'd best check first if it was possible. — GerryDevine, Oct 16 '12 at 16:26

score 1 · Accepted Answer · answered Oct 16 '12 at 17:14

1

I'm sorry but that's not possible. django-guardian is not build for that request. Anyways I recommend to create all CRUD-views (create, read, update, delete) on their own.

answered Oct 16 '12 at 17:14

Thomas Schwärzl

9,518
6
43
69

permission_required_or_403 decorator on an 'Add or Edit'?

1 Answers1