
How to hide or modify <pk> in url in Django app?

In my url.py I have:

path('gpd/<pk>/',       views.gpd,          name='gpd'), 

My view.py looks like:

@login_required(login_url='login')
def gpd(request,pk):

    current_gpd = get_gpd(pk)

    context = {'current_gpd': current_gpd,
               'pk': pk, }

    return render(request, 'app/gpd/gpd_form.html', context)

def get_gpd(id):
    return GPD.objects.get(id=id)

I have noticed that when my logged-in user manually changes the pk, he has access to the page with another pk. How to prevent it?

My GPD model:

class GPD(models.Model):
    id                      = models.AutoField(primary_key=True)
    employee                = models.ForeignKey(Employee,   verbose_name='Employee',    on_delete = models.CASCADE, related_name='+')

class Employee(models.Model):
    id                  = models.AutoField(primary_key=True)
    name                = models.CharField(max_length=30, verbose_name='Name')

def get_gpd(id, user):
    # Match on the owner as well as the pk
    return GPD.objects.get(id=id, employee=user)

So pass in the request.user.
