0

I have a system with multiple organizations logging in and interacting with us and our partners. I have a table that keeps track of what users have access to what organizations. I would like for customers to only see their own records.

I am doing this inside the views and whatnot. However, I find myself often trying to code around this. It makes it so I can't use some of the generic views as easily. Forms are a pain because when a field is pulled in as a dropdown option if shows all the records. In reality, I never want to receive all the records back. I would much rather the query check the access table and always just return what a user has access to.

I have seem some mentions about using a middleware change but I would really like to keep this within the manager and query set. It seems like that is what they are there for. However, I can't seem to find a way to reference request.user without passing it in (this causes other changes and messes with all my forms....).

Is way to do this within the manager and queryset?

HobbyHack
  • 33
  • 4
  • You need access to the current `request` object, if you don't want to pass it into every query you'll need to use something like https://pypi.org/project/django-threadlocals/ to be able to access it in the manager – Iain Shelvington Aug 08 '20 at 02:00
  • Have you considered using Django's built in Groups and Permission available in the Admin Panel? – Red Cricket Aug 08 '20 at 03:32

0 Answers0