Here’s a simple one:
from django.views.generic import DeleteView
from django.http import Http404
class MyDeleteView(DeleteView):
def get_object(self, queryset=None):
""" Hook to ensure object is owned by request.user. """
obj = super(MyDeleteView, self).get_object()
if not obj.owner == self.request.user:
raise Http404
return obj
Caveats:
- The
DeleteView
won’t delete onGET
requests; this is your opportunity to provide a confirmation template (you can provide the name in thetemplate_name
class attribute) with a “Yes I’m sure” button whichPOST
s to this view - You may prefer an error message to a 404? In this case, override the
delete
method instead, check permissions after theget_object
call and return a customised response. - Don’t forget to provide a template which matches the (optionally customisable)
success_url
class attribute so that the user can confirm that the object has been deleted.