1๐
I usually create a @owner_required decorator to wrap elements with such requirements, how the logic works depends on usecase
0๐
You should have an association in your user model, and then in you controllers you should do all object access through your user model associations, so each user can only access each own childs. Here is a related post How to create new (unsaved) Django model with associations?
- [Answer]-Scrapy : login request and crawling, passing item into multiple pages
- [Answer]-How to filter by __encoded_query using suds?
- [Answer]-Django : user.is_authenticated, works without passing 'user'?
- [Answer]-Django paginator to include all elements of all previous pages
0๐
If you need more granular security than what Django provides out-of-the-box then you might want to look into one of the ACL offerings. Starting with Django 1.2 it is possible to add object/row level permissions using a third-party plugin. There are several to choose from. See this SO question for suggestions:
Django 1.2 object level permissions โ third party solutions?