3

I have the following urls in my Django application:

path('rooms/<room_id>',views.home,name='home'),

models:

class ChatRoom(models.Model):
    eid = models.CharField(max_length=64, unique=True)
    name = models.CharField(max_length=25)

views

def rooms(request):
    room = UserProfile.objects.filter(user=request.user).values()[0]['room_id']
    rooms = ChatRoom.objects.all().values()
    user = User.objects.filter(username=request.user)
    return render(request,'chat/rooms.html',{'rooms':rooms,'room_user':room})

Here <room_id> is variable i.e it depends on the eid of a Room model. A user can be a part of only one room. Therefore, the user can access only one <room_id>, let us say '4'. So, a user can access only rooms/4/. How can I restrict the user from entering into other URLs e.g. /rooms/5/ ?.

SAI SANTOSH CHIRAG
  • 2,046
  • 1
  • 10
  • 26
  • i think you need to define `OnetoMany` relationship between `User` and `ChatRoom` ? – cizario Jul 09 '20 at 15:36
  • simply create a many to many between `User` and `ChatRoom` and match the user with room and vice-versa, after that just do a checkup if user has a room assigned – Nicolae Jul 09 '20 at 15:36

1 Answers1

1

You might want to make a ForeignKey from UserProfile to the ChatRoom model:

class UserProfile(models.Model):
    room = models.ForeignKey(ChatRoom, on_delete=models.PROTECT)
    # …

Then you can filter the rooms to only allow the one by the user with:

from django.contrib.auth.decorators import login_required

@login_required
def rooms(request):
    # the ChatRoom or None
    room = ChatRoom.objects.filter(userprofile__user=request.user).first()
    return render(request,'chat/rooms.html',{'room': room})

Since a user can only belong to one room as you say, it is thus a single room.

In your home method, we can use get_object_or_404(…) [Django-doc] to raise a 404 in case the room is not the one of the user:

from django.contrib.auth.decorators import login_required
from django.shortcuts import get_object_or_404

@login_required
def home(request, room_id):
    room = get_object_or_404(ChatRoom, eid=room_id, userprofile__user=request.user)
    # …

That being said, if a user can only be a member of one ChatRoom, then it makes not much sense to include this in the URL. You can simply obtain the chatroom as displayed above.

Note: You can limit views to a view to authenticated users with the @login_required decorator [Django-doc].

Willem Van Onsem
  • 443,496
  • 30
  • 428
  • 555