Filtering views content based on currently logged in user


Follow the following steps:

  1. In your view settings page, under the "Advanced" section, click to add a new "Contextual argument".

  2. From the list of fields, choose the field that contains the "usernames" in your content type X.

  3. From the section "When the filter value is NOT available", choose "Provide default value" and for the type, choose "User ID from logged in user".

That would be all.

Drupal facet search https://drupal.org/project/facetapi will give you the required functionality.

A quick search on Google for 'faceted search drupal' will give you lots of tutorials on how to set it up, one of which is: http://envisioninteractive.com/drupal/drupal-7-views-with-faceted-filters-without-apachesolr/

In your model admin, you could override the method get_queryset().

So you could do something like,

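    from django.contrib import admin

    class EntryAdmin(admin.ModelAdmin):
        def get_queryset(self, request):
            qs = super(EntryAdmin, self).get_queryset(request)
            # Superusers see every entry.
            if request.user.is_superuser:
                return qs
            # Everyone else sees only entries of businesses linked to their accounts.
            return qs.filter(business__in=request.user.account_set.all().values_list('business_id', flat=True))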

The last line, qs.filter(business__in=request.user.account_set.all().values_list('business_id', flat=True)), filters the initial queryset (which defaults to all entries).

request.user.account_set.all() returns all the Account objects associated with the user. Yes, the way you design your Account model will allow multiple objects to be associated to a User. If you want to limit it to one, you should consider using OneToOneField.

Appending .values_list('business_id', flat=True) to the queryset is telling Django that you only want specific columns to be returned, in this case just the business_id column. values_list returns a list of tuples but if you only need one column from the queryset, you can pass the keyword argument flat=True which will return a flat list.

It's hard to guess what you tried...

There are some ready-to-use solutions, e.g. Deadbolt 2 - an authorisation system for Play 2 which also contains proper helpers for the views. Implementing this in your app will allow you to check whether the user is logged in at the view level (SubjectPresent()), and much more.

Check the example app

There's no in-built way of doing this, and there's any number of solutions that could work.

The best way all depends on your situation. In some cases, doing it on a per-action basis, like the question you linked to, would be best. In other cases a more generic solution, such as writing a beforeFind method for your Model/s, or even for your AppModel, would be better.

Which solution is best depends on your exact requirements. E.g., if users can absolutely, always, only ever view their own content, and if every table is linked to a user via a user_id field, then a more generic solution will work.

However, if it's more varied and there are only some actions, of some controllers, that need to be restricted based on the current logged in user, then a less generic approach (such as the one you linked to) is needed.
