[Django] I tried to implement access control by class inheritance.


Please forgive the mistake as it is written by a beginner with a memo. I'm making a chat app, but I want to make sure that only the participants in the room can see the chat room. I spent a lot of time trying to implement it by overriding the methods in the class view, There was an insanely easy way, so I will introduce it.

Main subject


class Room(models.Model):

class User(AbstractBaseUser, PermissionsMixin):

class JoinRoom(models.Model):#Intermediate table
    room = models.ForeignKey(Room,on_delete=models.CASCADE)
    user = models.ForeignKey(User,on_delete=models.PROTECT)

It may not be better to write it here, but I will summarize it here for the sake of clarity. It seems that get is faster than using filter, so I do this.


from django.contrib.auth.mixins import UserPassesTestMixin

class OnlyParticipantMixin(UserPassesTestMixin):
    raise_exception = True

    def test_func(self):
            exist_or_not = MyRoom.objects.get(room=self.kwargs['pk'],user=self.request.user)#I haven't tried yet if I need to substitute.
            return True
        except MyRoom.DoesNotExist:
            return False

class CommentCreateView(OnlyParticipantMixin,generic.CreateView):#Doesn't it work unless it's in this order?
     template_name = 'hogehoge/hogehoge'

That's it. If anyone other than the participant tries to peep, an error will occur.




