I have a detailView/template that has a confidential
field (Boolean) and I want the detail page to be only accessible by staff users (or higher). I have currently made it work by adding the following to my template:
{% if enzymes.confidential == True %}
{% if user.is_staff %}
# confidential data is listed here
{% else %}
<p>You do not have access to this page</p>
{% endif %}
{% else %}
# non confidential data is listed here
{% endif %}
However, I want to know if I can't just apply a filter to my view? The view that I use is listed below (including a bit of leftover from what I tried).
class DetailView(generic.DetailView):
template_name = 'gts/detail.html'
model = Enzymes
# The active get_context_data
def get_context_data(self, **kwargs):
context = super(DetailView, self).get_context_data(**kwargs)
enzyme = context['object']
activities = Activitydiagram.objects.filter(enzymes=enzyme)
spectras = Spectraimage.objects.filter(enzymes=enzyme)
enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
context['activities'] = activities
context['spectras'] = spectras
context['enzymeactivities'] = enzymeactivities
return context
# This was my WIP attempt
"""def get_context_data(self, **kwargs):
context = super(DetailView, self).get_context_data(**kwargs)
if self.request.user.is_staff:
enzyme = context['object']
activities = Activitydiagram.objects.filter(enzymes=enzyme)
spectras = Spectraimage.objects.filter(enzymes=enzyme)
enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
context['activities'] = activities
context['spectras'] = spectras
context['enzymeactivities'] = enzymeactivities
else:
# TODO: Load only confidential=False enzymes here
enzyme = context['object']
activities = Activitydiagram.objects.filter(enzymes=enzyme)
spectras = Spectraimage.objects.filter(enzymes=enzyme)
enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
context['activities'] = activities
context['spectras'] = spectras
context['enzymeactivities'] = enzymeactivities
return context"""
A typical approach is to override the get_queryset
method, and filter the queryset if the user isn't a staff member. If a non-staff member tries to access a confidential item, they'll get a 404 page.
class DetailView(generic.DetailView):
template_name = 'gts/detail.html'
model = Enzymes
def get_queryset(self):
queryset = super(DetailView, self).get_queryset()
if not request.user.is_staff:
queryset = queryset.filter(confidential=False)
return queryset