Django: Getting Started Transcripts
Chapter: Users and Account Management
Lecture: Authenticated profile details view

Login or purchase this course to watch this video and the rest of the course contents.
0:03 Just like the profile listing, this view needs to be behind the authentication wall as well. So it's been decorated with login required.
0:12 This view will display a single profile so it takes the id of that profile as an argument. Let's do some basic permission management,
0:22 let's say that only staff members are allowed to view a staff member's profile. The request object, which is the first argument of every view,
0:42 contains all sorts of useful information about the session. It always has a user object inside of it. Even if no user is authenticated,
0:51 there is a dummy user for the unauthenticated case. The user model has an attribute called is authenticated, which is true if the user is logged in.
1:04 The if statement on line 18 checks if the user is authenticated.
1:08 This is actually redundant, the login required decorator wouldn't let you get here without it But I wanted to show you the idea.
1:16 Each user object also has an attribute called is staff, which is true if the user is a staff member Line 18 checks if both of these things are true.
1:27 If so then a profile object is fetched. The fetching is done with get object or 404 a shortcut.
1:35 It's common to want to look something up in the database and if it isn't there throw an error.
1:40 That would normally take several lines and you'll likely do it a lot So Django gives you this shortcut.
1:46 The first argument to get object or 404 is the class of the model you're querying. All other arguments are the query arguments for the look up.
1:57 In this case matching the profile id. If no object is found or more than one object is found. This is a get after all. This will raise an exception.
2:08 Django catches the exception for you and shows a 404 page. The else block starting on line 20 is the non staff situation.
2:19 Notice that I'm explicitly querying for an account with is staff equal to false.
2:25 If someone who isn't a staff member put a staff profile id into the URL, then the second query would get run and it would fail because although the
2:34 id is in the database is staff query part wouldn't match. So to recap this view first checks to make sure you're logged in.
2:44 If your staff you can look up any profile. If you're not staff, you can only look up profiles where the is staff property is false.
2:58 The rest of it's what you're used to the profile object that got looked up, gets put in a context dictionary and then render gets called.
3:06 Let's write some templates to go with this view.


Talk Python's Mastodon Michael Kennedy's Mastodon