Search code examples
djangodjango-modelsdjango-viewsdjango-class-based-viewsdjango-permissions

How to check user is a member of model object or not in Django?

I wrote this models in model.py

class Group(models.Model):
   MEMBERS_NUMBER = [
      (2, 'Two people'),
      (5, '3 to 5'),
      (10, '5 to 10'),
   ]
   group_name = models.CharField(max_length=50)
   slug = models.SlugField(max_length=50, unique=True)
   members = models.IntegerField(choices=MEMBERS_NUMBER)
   people = models.ManyToManyField('Profile', through='Membership', blank = True)
   summary = models.TextField(
      'Summary and indeas',
      max_length=500,
      help_text='Say what you want to do with your study or jub partner.'
   )
   date_created = models.DateTimeField(default=timezone.now)

and

class Profile(models.Model):
  user = models.OneToOneField(User, on_delete=models.CASCADE)
  birth_date = models.DateField(blank=True, null=True)
  profile_picture = models.ImageField(default = 'default.jpeg', upload_to = 'profile_pics', null=True, blank = True)
  date_joined = models.DateTimeField(default=timezone.now, null=True, blank = True)

and

class Membership(models.Model):
  group = models.ForeignKey(Group, on_delete=models.CASCADE)
  members = models.ForeignKey(Profile, on_delete=models.CASCADE)

then i created generic class-based view for every object of Group model but i want to limit access to only profiles in that Group object, this is my class-based view:

class GroupDetail(UserPassesTestMixin, generic.DetailView):
  model = models.Group
  context_object_name = 'group'
  template_name = 'projects/group_detail.html'

  def test_func(self):
    return self.request.user.profile.group_set.filter(group_name='My-Django-Group')

  def get_queryset(self):
    return models.Group.objects.all()

The test_func(self) checks if user is member of 'My-Django-Group' then show the group details to user but i want to get the object name that we are in it, i tested this:

def test_func(self):  
return self.request.user.profile.group_set.filter(group_name=self.group.group_name)

but it didn't work

Solution

  • You can filter the queryset with:

    from django.contrib.auth.mixins import LoginRequiredMixin

class GroupDetail(LoginRequiredMixin, generic.DetailView):
  model = models.Group
  context_object_name = 'group'
  template_name = 'projects/group_detail.html'

  def get_queryset(self):
    return super().get_queryset().filter(
        people__user=self.request.user
    )

    If the user is not a member of the group, they will receive a HTTP 404 response.

    Note: You can limit views to a class-based view to authenticated users with the LoginRequiredMixin mixin [Django-doc].