2
You can just put simple verification into your DeleteTodo view:
class DeleteTodo( LoginRequiredMixin, DeleteView ):
model = TodoList
success_url = reverse_lazy( 'todo' )
template_name = 'deleteobject.html'
def get_object(self):
obj = super(DeleteTodo, self).get_object()
if obj.trainee.user != self.request.user:
return None # or raise Http404
return obj
You can also specify queryset (via get_queryset method) into your delete view that will filter only user objects.
Source:stackexchange.com