Relating generically created Django objects with users

Question

I'm new to Python & Django. I want to allow users to create new objects, and for each object to be related to the currently logged in user. So, I thought I'd use the generic create_object method - only I can't work out how best to do this so it's simple and secure.

Here's my model:

class Book(models.Model):
    user = models.ForeignKey(User, related_name='owner',
        editable=False)

    title = models.CharField(max_length=200,
        help_text='A title for this entry')

    author = models.CharField(max_length=200)

This is a really simple model - users can enter a book title and author, and the 'user' field is set as non-editable. When the object is created I want the user field to have the value of the currently logged in user.

Can I do this with the generic create_object method? What's the best approach here? I don't want to use a hidden field in the form since it's obviously not safe.

Thanks

Answer 1

I think it's not possible with generic view (I could think of some way to accomplish that, but that would be much more complicated than it's worth - using signals, globals and middleware). You should write your own view that will handle Book object creation using ModelForm. Read about it here and here (Django docs).

Also, I think you misunderstood what related_name parameter does - now, given some User instance you'll have to write:

books = user.owner.all()

to get list of this user's books. It would be better to either leave related_name unchanged (the default is relatedmodelname_set, in this case: user.book_set.all()) or change it to something more meaningful, like "books", which will let you write:

books = user.books.all()

and get what you want.