thanks!

post.author == user will work as well, however he should protect the views also, otherwise somebody can call the url directly

@@georgesmith3022 even if they call the views they'd have to spoof the sesión to bypass this mechanism

@@cnslpsbly could you elaborate please? is this because of the csrf token in the forms? is implementing permissions in the views redundant or is it a good practice?

@@georgesmith3022 Django stores the session in a cookie, with it, it can tell which user is requesting which view. Checking user == post.author means checking the session user vs the post user. Django will only render the part of the html template that corresponds to the {if user = post.author } {else} so there's no way to hack this from the front end. Best practice is do this kinds of checks on the templates (backend) so you can't just change things on the front end.

Very welcome!

My pleasure!

lol

More to come!

Glad you enjoy it!

Glad you liked it!

Ok will probably do that

Glad to hear it

Better? Use whatever method you want.

@@Codemycom Well, better might not have been the best choice of word as it depends on use case.. But, I do wanted to understand the difference between the two approach. I believe the HTTP response header would be different but is there any difference in terms of security or other parameters?

Yep..I have like a dozen Django courses at Codemy.com get total lifetime membership for $49 (all my courses, one time fee) using coupon code: chatgpt for the next couple days

That's probably a good way to do it

@@Codemycom I want to make the website so that the website has users, and these users will go to a dashboard where they can send their blog to the editors. Now there are the editors who have access to another dashboard (another dashboard in the sense, they will be redirected to another page like "/editor"). The editors can review the blogs made by users and then publish it directly to the blog page. I have React as my Frontend and I will be using Django REST Framework to build an API. My initial approach was to make a single model Users(I'll just make a custom user model building upon the default User model by using AbstractUser). I'll add a Boolean field is_editor. Now in the Frontend when I get the API I'll use is_editor to redirect to "/editor". The problem is I'm a beginner in Django and is there any problem with this approach?

@@pranavt.j.1157 Give it a try :-)

You're welcome!

I found a solution We need to create a foreign key in the model That key should be referencing to the auth_user model of django In that foreign key we need to create a related_name value With that related name we can access blogs with the current user logged in

The admin already has that permission on the Django admin dashboard, but if you wanted to give them that permission on the webpage itself, you could easily do so with an elif statement on the code from this video.

@@Codemycom or even in view.py file

@@delllatitude299 but why?

@@Codemycom no just a suggestion. we can also control this thing in view.py file to prevent and allow different users to access specific info or page.

i work around this with just post.author.id == user.id

We're using classed based views, so that's not easily done.

@@Codemycom 🤔 really? I didn't know that interesting thanks sir

:-)

Already did that: kzbin.info/www/bejne/inKrYWR_rpp0q6c

I do that very thing later on in the playlist

www.linkedin.com/pub/john-elder/55/a31/493

:-)