I have the following urls in my Django application:
path('rooms/<room_id>',views.home,name='home'),
models:
class ChatRoom(models.Model):
eid = models.CharField(max_length=64, unique=True)
name = models.CharField(max_length=25)
views
def rooms(request):
room = UserProfile.objects.filter(user=request.user).values()[0]['room_id']
rooms = ChatRoom.objects.all().values()
user = User.objects.filter(username=request.user)
return render(request,'chat/rooms.html',{'rooms':rooms,'room_user':room})
Here <room_id> is variable i.e it depends on the eid of a Room model. A user can be a part of only one room. Therefore, the user can access only one <room_id>, let us say '4'. So, a user can access only rooms/4/. How can I restrict the user from entering into other URLs e.g. /rooms/5/ ?.
You might want to make a ForeignKey from UserProfile to the ChatRoom model:
class UserProfile(models.Model):
room = models.ForeignKey(ChatRoom, on_delete=models.PROTECT)
# …Then you can filter the rooms to only allow the one by the user with:
from django.contrib.auth.decorators import login_required
@login_required
def rooms(request):
# the ChatRoom or None
room = ChatRoom.objects.filter(userprofile__user=request.user).first()
return render(request,'chat/rooms.html',{'room': room})Since a user can only belong to one room as you say, it is thus a single room.
In your home method, we can use get_object_or_404(…) [Django-doc] to raise a 404 in case the room is not the one of the user:
from django.contrib.auth.decorators import login_required
from django.shortcuts import get_object_or_404
@login_required
def home(request, room_id):
room = get_object_or_404(ChatRoom, eid=room_id, userprofile__user=request.user)
# …That being said, if a user can only be a member of one ChatRoom, then it makes not much sense to include this in the URL. You can simply obtain the chatroom as displayed above.
Note: You can limit views to a view to authenticated users with the
@login_requireddecorator [Django-doc].