quasi spindle
Hello!
I am trying to use django's LoginRequiredMixin and DetailView to create a view I named AccountView to display a user's information.
It works fine, but when I have a user A logged in, and I go to the url to try to access a (non logged in) user B's information it works. User A is able to access user B's information. I want to prevent that from happening. I want it to be that when a logged in user A tries to access a non logged in user B account details for it to fail and maybe return an error message.
I think it is important for me to note that I am trying to use the username instead of the user pk in the url. Meaning that to access a user the url is something like http://127.0.0.1:8000/accounts/{username}/. I access the user via it's username rather that it's primary key or id.
Let me know if you need more details, I am waiting for your help!
echo steeple