django - Best practices: Good idea to create a new table for every user?


I'm writing a little Django app to practice the framework. The app lets a user log in, write entries, and see a list of their entries. How should I assign entries to the user who created them? Is it a good idea to create a table for every new user and save their entries there, or should I add an additional field in the entry model (e.g. 'created_by') and filter the items displayed in the list accordingly?

One thing that needs to be considered: there should be absolutely no way that a user sees entries other than their own (e.g. someone uses the app to write a diary). Is that a given with both ways?

I've never worked with databases before, so I'd appreciate an explanation of why one way is better than the other.

Based on your requirements, having a different database table for each user would make things way more difficult, and it wouldn't be worth the trade-off. Just one example: in the "one table per user" scenario, when you go to retrieve the information for a user, you have to figure out what the name of that user's table is. I'm not sure how you would go about doing that, since the information about the user is stored in the table itself. (Ignoring session storage.)

An even bigger headache comes when you try to store the journal entries in their own table, and you want to maintain referential integrity. That is, you want to ensure that each entry belongs to a user that exists. This becomes impossible with a table for each user.

It's easy to use one table for users, one table for entries, and link the two without any large, gaping security holes. The "created_by" link is the way to go. The view function that loads the page can constrain the user to see only their own entries. Here's such a view:

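    from django.contrib.auth.decorators import login_required
    from .models import Entry  # assumes the Entry model lives in this app's models.py

    @login_required
    def my_entries(request):
        user = request.user
        # Load only the entries created by the logged-in user
        entries = Entry.objects.filter(created_by=user)
        # return response here...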

The @login_required decorator requires that the user accessing the page is logged in, and the .filter() call on the Entry model will load only the entries created by the user loading the page.

Now, this list might link to an 'edit' page for each entry. The URLs for each page would have a unique identifier in the URL, the id field. The first entry created would automatically get an id of 1, the next one an id of 2, and so on, so there's something unique to identify each entry. The URLs might be '/entry/1/', '/entry/2/', etc. When the page loads, it checks the id in the URL. If it's '1', it loads the entry with the id of '1' for the user to edit. (Sorry if you know this part already.)

But what this means is that a more savvy user might figure out how the URLs are formed and start putting in their own ids, as a means of scouting out other people's entries. They could just start entering URLs with random id values until they find one that loads: '/entry/8/'. Maybe they don't own the entry with an id of 8, but in theory, if things aren't set up correctly, they could load it.

There are some pretty easy ways to thwart this. When you write the view for loading a single entry, don't just load the entry instance by id... load it by id and by the user who created it:

    @login_required
    def get_entry(request, entry_id):
        user = request.user
        # Raises Entry.DoesNotExist unless the entry exists AND belongs to this user
        entry = Entry.objects.get(id=entry_id, created_by=user)
        # return response here...

In the above case, if I tried to load this page for an entry that exists but doesn't belong to me, an exception would be raised. There's a helper method in Django called 'get_object_or_404' that helps with this:

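    from django.shortcuts import get_object_or_404

    @login_required
    def get_entry(request, entry_id):
        user = request.user
        # Responds with a 404 if the entry is missing or belongs to someone else
        entry = get_object_or_404(Entry, id=entry_id, created_by=user)
        # return response here...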

Now, if I try to access the page for an entry instance that exists, but isn't mine, I'll just see the typical "page not found" error that Django would offer if I tried to access a page that didn't exist.

I know your question was about the user database tables, but I hope this helps you configure your Django app so that users aren't reading/editing each other's data.
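
The design from the answer above, as an added example that is not part of the original answer: one users table, one entries table linked by created_by with referential integrity enforced, and a single-entry lookup by id alone next to the lookup by id and owner. It uses Python's standard-library sqlite3 in place of the Django ORM so it runs on its own; the table names, function names, and the users "alice" and "bob" with their entries are constructed for illustration.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when enabled
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE entries (id INTEGER PRIMARY KEY, body TEXT NOT NULL,
            created_by INTEGER NOT NULL REFERENCES users(id));
    """)
    return db

def add_entry(db, user_id, body):
    # Raises sqlite3.IntegrityError when created_by names no existing user.
    sql = "INSERT INTO entries (created_by, body) VALUES (?, ?)"
    return db.execute(sql, (user_id, body)).lastrowid

def list_entries(db, user_id):
    # Counterpart of Entry.objects.filter(created_by=user)
    sql = "SELECT id, body FROM entries WHERE created_by = ? ORDER BY id"
    return db.execute(sql, (user_id,)).fetchall()

def get_entry_by_id_only(db, entry_id):
    # Lookup by id alone: returns the row no matter who is asking.
    return db.execute("SELECT body FROM entries WHERE id = ?", (entry_id,)).fetchone()

def get_entry(db, user_id, entry_id):
    # Lookup by id AND owner: None for a missing id or someone else's id (both -> 404).
    sql = "SELECT body FROM entries WHERE id = ? AND created_by = ?"
    return db.execute(sql, (entry_id, user_id)).fetchone()

def demo():
    db = make_db()
    new_user = "INSERT INTO users (name) VALUES (?)"
    alice = db.execute(new_user, ("alice",)).lastrowid  # constructed sample users
    bob = db.execute(new_user, ("bob",)).lastrowid
    mine, theirs = add_entry(db, alice, "alice's diary"), add_entry(db, bob, "bob's diary")
    try:
        add_entry(db, 999, "orphan")  # no user 999 exists
        orphan_rejected = False
    except sqlite3.IntegrityError:
        orphan_rejected = True
    return {"list": list_entries(db, alice),
            "id_only": get_entry_by_id_only(db, theirs),
            "other": get_entry(db, alice, theirs),
            "own": get_entry(db, alice, mine),
            "missing": get_entry(db, alice, 12345),
            "orphan_rejected": orphan_rejected}
```

Calling demo() returns the result of each lookup; the owner-scoped one gives the same answer for another user's entry as for an id that does not exist.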

