I'm new to Django and having some doubts on how to do this. I've installed an APP called Django-voting, https://github.com/jezdez/django-voting/
This APP allow the user to vote on is own objects. I need to deny this but not sure on how to do it. How can I know the owner of an object?
The code that I've to override is this view:
def vote_on_object(request, model, direction, post_vote_redirect=None,
object_id=None, slug=None, slug_field=None, template_name=None,
template_loader=loader, extra_context=None, context_processors=None,
template_object_name='object', allow_xmlhttprequest=False):
"""
Generic object vote function.
The given template will be used to confirm the vote if this view is
fetched using GET; vote registration will only be performed if this
view is POSTed.
If ``allow_xmlhttprequest`` is ``True`` and an XMLHttpRequest is
detected by examining the ``HTTP_X_REQUESTED_WITH`` header, the
``xmlhttp_vote_on_object`` view will be used to process the
request - this makes it trivial to implement voting via
XMLHttpRequest with a fallback for users who don't have JavaScript
enabled.
Templates:``<app_label>/<model_name>_confirm_vote.html``
Context:
object
The object being voted on.
direction
The type of vote which will be registered for the object.
"""
if allow_xmlhttprequest and request.is_ajax():
return xmlhttprequest_vote_on_object(request, model, direction,
object_id=object_id, slug=slug,
slug_field=slug_field)
if extra_context is None:
extra_context = {}
if not request.user.is_authenticated():
return redirect_to_login(request.path)
try:
vote = dict(VOTE_DIRECTIONS)[direction]
except KeyError:
raise AttributeError("'%s' is not a valid vote type." % direction)
# Look up the object to be voted on
lookup_kwargs = {}
if object_id:
lookup_kwargs['%s__exact' % model._meta.pk.name] = object_id
elif slug and slug_field:
lookup_kwargs['%s__exact' % slug_field] = slug
else:
raise AttributeError('Generic vote view must be called with either '
'object_id or slug and slug_field.')
try:
obj = model._default_manager.get(**lookup_kwargs)
except ObjectDoesNotExist:
raise Http404('No %s found for %s.' %
(model._meta.app_label, lookup_kwargs))
if request.method == 'POST':
if post_vote_redirect is not None:
next = post_vote_redirect
elif 'next' in request.REQUEST:
next = request.REQUEST['next']
elif hasattr(obj, 'get_absolute_url'):
if callable(getattr(obj, 'get_absolute_url')):
next = obj.get_absolute_url()
else:
next = obj.get_absolute_url
else:
raise AttributeError('Generic vote view must be called with either '
'post_vote_redirect, a "next" parameter in '
'the request, or the object being voted on '
'must define a get_absolute_url method or '
'property.')
Vote.objects.record_vote(obj, request.user, vote)
return HttpResponseRedirect(next)
else:
if not template_name:
template_name = '%s/%s_confirm_vote.html' % (
model._meta.app_label, model._meta.object_name.lower())
t = template_loader.get_template(template_name)
c = RequestContext(request, {
template_object_name: obj,
'direction': direction,
}, context_processors)
for key, value in extra_context.items():
if callable(value):
c[key] = value()
else:
c[key] = value
response = HttpResponse(t.render(c))
return response
I think I've to add some kind of verification here,
Vote.objects.record_vote(obj, request.user, vote)
Any clues on this subject?
Best Regards,
This app doesn't manage whether a user is owner or not of any object where he can make a vote, so you need to keep this control in each model who represents an entity able to be voted. For example, if you have a model A and you wish to know which user is owner of A you should have a user relation with the model A for tracking model owner users. We can represent this through an example:
from django.contrib.auth.models import User
from django.db import models
from django.contrib import messages
class A(models.Model):
owner_user = models.ForeignKey(User)
so in any place on your code (in a view or in a verification method) you can do something like this:
# I will call `user_who_votes` the user who is making the action of voting
# if you are in a view or have a `request` instance, you can access to its instance,
# as surely you already know, with `user_who_votes = request.user`, always checking
# this user is authenticated (`if request.user.is_authenticated():`).
try:
# Checking if the user who is voting is `A`'s owner,
# if he is, so you can register a message and show it
# to the user when you estimate (it is only an idea,
# maybe you can have a better option, of course).
a = A.objects.get(owner_user=user_who_votes)
messages.add_message(request, messages.ERROR, 'You can not vote on your own entities.'))
except A.DoesNotexist:
# In this point you are sure at all that `user_who_votes`
# isn't the owner of `A`, so this user can vote.
Vote.objects.record_vote(a, user_who_votes, vote)
Hope this can help you.