2👍
The answer greatly depends on your model and application. How exactly are you using the content-type framework?
Generally speaking, it’s recommended to have an additional abstraction layer which controls the use of the content-type framework.
Example
Let me construct an example. Let’s say you have these models: Portal, Cube and Cake. Portal and Cube are public, whereas Cake is private for users with specific permissions.
As far as I understood you, your approach is something like this:
```python
from django.contrib.contenttypes.models import ContentType

# gets called via GET with parameters content_type_id and object_id
def modify_object(request, content_type_id, object_id):
    # both ids come straight from the request, so any model can be selected
    content_type = ContentType.objects.get_for_id(content_type_id)
    model_class = content_type.model_class()
    instance = model_class.objects.get(pk=object_id)
    # modify instance - could also be a "Cake"
    instance.save()
```
This is vulnerable if you want to allow only certain types of object to be modified. You could add a check for the content_type, but that does not seem very sophisticated and cleverly designed.
Instead, I would go for a less generic approach. Define methods for each of the different tasks on your models you want to allow your users:
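```python
from django.contrib.auth.decorators import permission_required

from .models import Cake, Cube, Portal  # assumed location of the models

def create_portal(request, object_id):
    portal = Portal.objects.get(pk=object_id)
    # create the portal
    portal.save()

def carry_cube(request, object_id):
    cube = Cube.objects.get(pk=object_id)
    # move the cube
    cube.save()

@permission_required('cake.can_eat')
def eat_cake(request, object_id):
    # this will only be performed if the current user has the required permissions
    cake = Cake.objects.get(pk=object_id)
    # eat the delicious cake
    cake.save()
```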
Hopefully that information is helpful. With more input from your side it’s easier to give a more detailed answer.
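An added example, not part of the original answer: one shape the abstraction layer mentioned above could take when a generic view is kept, as a default-deny allowlist consulted before `model_class()` is ever used. The names `MODIFIABLE_TYPES`, `TypeNotAllowed` and `resolve_modifiable_model` and the app labels are assumptions, and the stand-in objects are constructed so the check runs without a Django project.

```python
from types import SimpleNamespace

# (app_label, model) as stored on a ContentType row -> permission required to
# modify that type (None = any user). App labels here are assumed.
MODIFIABLE_TYPES = {
    ("portal", "portal"): None,
    ("cube", "cube"): None,
    ("cake", "cake"): "cake.can_eat",
}


class TypeNotAllowed(Exception):
    """The requested content type is not exposed through this view at all."""


def resolve_modifiable_model(user, content_type):
    """Return the model class only if this user may modify this type.

    `content_type` needs .app_label, .model and .model_class() (as on Django's
    ContentType); `user` needs .has_perm() (as on Django's User).
    """
    key = (content_type.app_label, content_type.model)
    if key not in MODIFIABLE_TYPES:
        # Default deny: a content_type_id pointing at e.g. auth.User stops here.
        raise TypeNotAllowed("%s.%s" % key)
    required = MODIFIABLE_TYPES[key]
    if required is not None and not user.has_perm(required):
        raise PermissionError(required)
    return content_type.model_class()


# Constructed stand-ins so the check runs without a Django project.
def fake_type(app_label, model):
    return SimpleNamespace(app_label=app_label, model=model,
                           model_class=lambda: "%s.%s" % (app_label, model))


def fake_user(*perms):
    return SimpleNamespace(has_perm=lambda perm: perm in perms)


def outcome(user, content_type):
    """Run the check and report the result as a string, for demonstration."""
    try:
        return "ok: " + resolve_modifiable_model(user, content_type)
    except TypeNotAllowed:
        return "rejected: type not exposed"
    except PermissionError:
        return "rejected: missing permission"
```

In a real view the two exceptions would typically be turned into Django's `Http404` and `PermissionDenied` responses.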