python - Restrict access to only owned content django -

-

i'm writing api using django-tastypie. have 2 custom permisions issues i'm hoping django-guardian can fix.

i have 2 user groups clinicians , patients. clinicians should able access objects belonging patients , patients should able access objects created themselves.

my code follows:

class userresource(modelresource):     class meta:         queryset = user.objects.all()         resource_name = 'auth/user'         excludes = ['email', 'password', 'is_superuser']   class blogpostresource(modelresource):     author = fields.toonefield(userresource, 'author', full=true)      class meta:         queryset = blogpost.objects.all()         resource_name = 'posts'         allowed_methods = ["get", "post"]         # add here.         authentication = basicauthentication()         authorization = djangoauthorization()         filtering = {             'author': all_with_relations,         }

how can used permissions restrict access on blogpostresource?

you achieve custom authorization class, example like: 

class customauthorization(authorization):     def apply_limits(self, request, object_list):              ...         clin_group = group.objects.get(name='your group')         if request , hasattr(request, 'user'):             if clin_group in request.user.groups.all():                   object_list = object_list.filter(user__in=request.user.patients.all()) # or stop clinician>patient relation             else:                  object_list = object_list.filter(user=request.user)         return object_list

Comments

Post a Comment

Popular posts from this blog

sql - VB.NET Operand type clash: date is incompatible with int error -

-
i trying display records table named staffpresentee database using clause... i using visual studio 2010... the table design follows- .......fieldname..................datatype........allownull 1......staff_id (fk).............numeric(18,0)......yes 2.......date........................date.............no 3......present.....................char(1)..........yes note type of 2nd field date , not datetime... i want display records table have today's date int 'date' field... current query is- cmd = new sqlclient.sqlcommand("select * staffpresentee date=" & date.now.date, cn) dr = cmd.executereader for dr = cmd.executereader error "operand type clash: date incompatible int" i tried select * staffpresentee query without clause runs correctly. try putting date value in sigle quotes maybe. cmd = new sqlclient.sqlcommand("select * staffpresentee date='" & _
Read more

SVG stroke-linecap doesn't work for circles in Firefox? -

-
i've got problem svg stroke-linecap attribute. i've got circular progress bar in angularjs , set outer circle (blue one) have rounded "ends". @ fiddle . <svg ... height="130" width="130"> <!-- ngif: background --> <circle ... ng-if="background" fill="#fff" class="ng-scope" stroke-width="13" stroke="#cc3399" r="57.5" cy="65" cx="65" stroke-linecap="round" /> <!-- end ngif: background --> <circle ... fill="none" stroke-dashoffset="36.12831551628261" stroke-dasharray="361.28315516282623" stroke-width="13" stroke="#432db3" stroke-linecap="round" r="57.5" cy="65" cx="65" transform="rotate(-89.9, 65, 65)" /> </svg> how can that?
Read more

python - TypeError: Scalar value for argument 'color' is not numeric in openCV -

-
here code im = cv2.imread('luffy.jpg') gray = cv2.cvtcolor(im,cv2.color_bgr2gray) ret,thresh = cv2.threshold(gray,127,255,0) contours,h = cv2.findcontours(thresh,cv2.retr_tree,cv2.chain_approx_simple) cnt in contours: moment = cv2.moments(cnt) c_y = moment['m10']/(moment['m00']+0.01) c_x = moment['m01']/(moment['m00']+0.01) centroid_color = im[c_x,c_y] centroid_color = np.array((centroid_color[0],centroid_color[1],centroid_color[2])) print type(centroid_color) cv2.fillpoly(im,cnt,centroid_color) i getting error on last line try , pass centroid_color color argument. <type 'numpy.ndarray'> , have been able pass data type cv2.fillpoly color in other instances, not sure why having problem here. fillpoly() expects iterable, i.e. put cnt in brackets. believe duplicate of https://stackoverflow.com/a/17582850/5818240 . moreover, centroid color variable contains strings. need convert them i
Read more