I'm trying to get info from a model but without moving the URL. Let me explain: when I access, for example:

/list, it shows the info, and if I just click in there I can access the complete info of this user, or book or something, and the URL changes to detail/8/

Is there any way to get the information without showing the id of the database in the URL?

for example list/

I have some code but I do not have any idea how to do it. I hope you guys can help me.

urls:

url(r'^detalle/(?P<pk>[0-9]+)/$', views.detalle_id, name="detalle_id"),
url(r'^detalle/(?P<nombre>.*)/$', views.detalle_nombre),

views:

def detalle_id(request, pk):
    detalle = Pregunta.objects.get(pk=pk)
    Pregunta.objects.filter(id=pk).update(comentario='1')

    return render(request, 'detalle.html', {'detalle': detalle})


def detalle_nombre(request, nombre):
    detalle = Pregunta.objects.get(nombre=nombre)
    return render(request, 'detalle.html', {'detalle': detalle})

def lista(request):
    listadb = Pregunta.objects.all()
    return render(request, 'lista.html', {'listadb':listadb})

Edit: from comments:

The reason for this is that I'm trying to make a client database, and the users who will use the database will have access to some of them but not all of the database, so if a user sets, for example, domain.com/89, they will see the information of client No. 89 or can edit it. I have a lot of reasons why I'm trying to do it like this. Believe me, I need to get information on click but accessing without changing the URL, just by click. Is it possible? Do you have any idea?

  • You can use slugs instead of ids – arcegk Sep 16 '16 at 23:06
  • Thank you for the answer, arcegk. Well, the issue is that I need to have a clean URL. Is there any way to see the book information on click without changing the URL? – Rodrigo Calderon Sep 16 '16 at 23:17
  • Why do you not want to use Uniform Resource Identifiers? What good is the phone network without phone numbers? – allcaps Sep 16 '16 at 23:27
  • The reason for this is that I'm trying to make a client database, and the users who will use the database will have access to some of them but not all of the database, so if a user sets, for example, domain.com/89, they will see the information of client No. 89 or can edit it. I have a lot of reasons why I'm trying to do it like this. Believe me, I need to get information on click but accessing without changing the URL, just by click. Is it possible? Do you have any idea? – Rodrigo Calderon Sep 16 '16 at 23:49
  • Did you try my answer? – e4c5 Oct 15 '16 at 15:40

1 Answer

If you are trying to create an 'unguessable' URL for each book or other item in your database to stop unauthorized access, you are on the wrong track. Unguessable URLs can and will be guessed, and people who shouldn't see or edit them will edit them.

At the very least you should check if the user is authenticated.

if request.user.is_authenticated():

But this only tells you if the user is logged in or an anonymous user. To find out if the user is authorized to edit, you will need to add some information to the models.

class Pregunta(models.Model):
    ....
    owner = models.ForeignKey(User)

Then do an additional test to find out if the ownership is correct.

Getting back to unguessable URLs, if you don't want to use slugs, you can use a non-sequential primary key: https://stackoverflow.com/a/37605582/267540

This is useful if you don't want to reveal to the user how many items exist in your database and which item came first.

e4c5
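
The authentication and ownership tests described in the answer above, sketched as an added example (not code from the question or the answer). Plain Python stands in for the Django view so it runs without a project; the sample rows, user names and status codes are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample rows standing in for the Pregunta table; in Django the
# `owner` column would be the ForeignKey to User that the answer adds.
@dataclass
class Pregunta:
    pk: int
    nombre: str
    owner: str
    comentario: str = ""

DB = {
    88: Pregunta(88, "cliente-a", owner="alice"),
    89: Pregunta(89, "cliente-b", owner="bob"),
}

def detalle_id(user, pk):
    """Return (status, body) for /detalle/<pk>/ requested by `user` (None = anonymous)."""
    # 1. Authentication: anonymous callers never reach the lookup.
    if user is None:
        return 401, None
    # 2. Authorization: the lookup is scoped to the caller, the same shape as
    #    get_object_or_404(Pregunta, pk=pk, owner=request.user) in Django.
    row = DB.get(pk)
    if row is None or row.owner != user:
        # Same answer for "does not exist" and "not yours", so the response
        # does not confirm which ids are in use.
        return 404, None
    # 3. The write from the question's view happens only after the ownership test.
    row.comentario = "1"
    return 200, row.nombre

def visible_pks(user):
    """The list view applies the same owner filter, so it only links to owned rows."""
    return sorted(pk for pk, row in DB.items() if row.owner == user)
```

With this check in place the id can stay in the URL: typing another client's number returns the same 404 as a number that does not exist.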