[Fixed]-Django – user restriction from getting access to same value

1👍

Maybe I do not understand what you want. But I’ll advise you about your code.

request.user.association is asoc.

# before ---------
association = Association.objects.filter(asoc_name=request.user.association)
asoc = Association.objects.get(id=association)

# after -----------
asoc = request.user.association

Event.objects.create returns an Event object.

# before -------
Event.objects.create(
# omit
)
# omit
# latest('id') can return a row created by a different, concurrent request
eid = Event.objects.latest('id').id
res['eid'] = eid
res['data'] = Event.objects.values().get(id=eid)

# after -------
event = Event.objects.create(
# omit
)
# omit
res['eid'] = event.id
res['data'] = event

UPDATE

You should change the event_get view as follows:

from datetime import datetime

from django.http import JsonResponse

from .models import Event  # assumed location of the Event model


def event_get(request, start, end):
    res = {'success': False}
    try:
        # Validation only: the parsed values are discarded
        datetime.strptime(start, '%Y-%m-%dT%H:%M:%S.%fZ')
        datetime.strptime(end, '%Y-%m-%dT%H:%M:%S.%fZ')
    except ValueError:
        res['message'] = \
            'Invalid params: ISO format start end dates expected'
        return JsonResponse(res)

    result = Event.objects.filter(
        association=request.user.association,  # Add filter
        start__range=(start, end)
    ).order_by('start').values()

    res['data'] = list(result)
    res['success'] = True
    return JsonResponse(res)

Also, you should protect this view with login_required.
https://docs.djangoproject.com/en/1.10/topics/auth/default/#the-login-required-decorator

👤tell k
