
How to let user only edit or delete the records created by themselves.

Open QKJIN opened this issue 2 years ago • 1 comments

I created a group model. Every user belonging to the same group can see the records created by others. I can use the base_filters to let the user view these records. But I want users to only edit or delete their own records. I don't know how to do it. It seems like everyone in the same group can edit and delete records if they have the edit or delete permission. So do I need to override the edit and delete methods to implement this situation?

QKJIN avatar Jun 19 '22 12:06 QKJIN

I tried to override the edit and delete methods. It works.

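    import logging

    from flask import abort, flash, redirect
    from flask_appbuilder import expose, has_access
    from flask_appbuilder._compat import as_unicode
    from flask_appbuilder.const import FLAMSG_ERR_SEC_ACCESS_DENIED
    from flask_login import current_user

    log = logging.getLogger(__name__)

    # Method of the ModelView subclass; is_right() is the poster's own helper (not shown).
    @expose("/delete/<pk>", methods=["GET", "POST"])
    @has_access
    def delete(self, pk):
        item = self.datamodel.get(pk)
        if item is None:
            abort(404)
        # Object-level check: only the record's creator may go on to delete it
        if is_right(current_user, item.created_by):
            # Maintains compatibility but refuses to delete on GET methods if CSRF is enabled
            if not self.is_get_mutation_allowed():
                self.update_redirect()
                log.warning("CSRF is enabled and a delete using GET was invoked")
                flash(as_unicode(FLAMSG_ERR_SEC_ACCESS_DENIED), "danger")
                return self.post_delete_redirect()
            pk = self._deserialize_pk_if_composite(pk)
            self._delete(pk)
            return self.post_delete_redirect()
        else:
            flash('No right to delete!')
            self.update_redirect()
            return redirect(self.get_redirect())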

QKJIN avatar Jun 20 '22 06:06 QKJIN
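
An alternative to overriding the `edit` and `delete` routes, as an added example that is not code from this thread or from Flask-AppBuilder: the same ownership check placed in the `pre_update` and `pre_delete` hooks, which Flask-AppBuilder documents as aborting the operation and showing the message when they raise. `OwnerOnlyMixin` and `NotOwnerError` are hypothetical names, and the code assumes the model uses `AuditMixin` (so `created_by` is a user row with an `id`) and that `flask.g.user` holds the logged-in user.

```python
class NotOwnerError(Exception):
    """Raised from the hooks; the message is what the user sees flashed."""


class OwnerOnlyMixin:
    """List before ModelView: class GroupRecordView(OwnerOnlyMixin, ModelView)."""

    def current_user_id(self):
        # Assumption: Flask-AppBuilder's security manager has set flask.g.user.
        # Imported lazily so the ownership logic can be exercised without Flask.
        from flask import g

        user = getattr(g, "user", None)
        return getattr(user, "id", None)

    def _require_owner(self, item, verb):
        # Assumption: AuditMixin-style model, item.created_by is the creating user.
        owner_id = getattr(getattr(item, "created_by", None), "id", None)
        user_id = self.current_user_id()
        # Fail closed: an anonymous user or an ownerless record never matches.
        if user_id is None or owner_id is None or user_id != owner_id:
            raise NotOwnerError(f"No right to {verb} this record")

    def pre_update(self, item):
        # Called by the edit flow before the change is written.
        self._require_owner(item, "edit")
        super().pre_update(item)

    def pre_delete(self, item):
        # Called by the delete flow before the row is removed.
        self._require_owner(item, "delete")
        super().pre_delete(item)
```

Group members keep read access through `base_filters`; only the write hooks are restricted. A bulk action defined on the view that deletes through the datamodel directly does not pass through these hooks and needs the same check.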