Restrict access per customer in django

Question:

I am trying to restrict access to records based on each customer so users can’t access each others data through URL. I have added this but its restricting everything.

    if request.user.customer != Infringement.customer:
            return HttpResponse('Your are not allowed here!!')"

views.py

        @login_required(login_url='login') 
        def infringement(request, pk):   
           if request.user.customer != Infringement.customer:
            return HttpResponse('Your are not allowed here!!')
        infringement = Infringement.objects.get(id=pk)    
        notes = infringement.note_set.all().order_by('-created')
          if request.method == "POST":
           note = Note.objects.create(
           customer=request.user.customer,
           user = request.user,
           infringement = infringement,
           body=request.POST.get('body')
       )    
       return redirect('infringement', pk=infringement.id)
 
     context= {'infringement': infringement, 'notes': notes}    return
     render(request, 'base/infringements.html', context)
Asked By: Farid

||
Source

Answers:

Try:

@login_required(login_url='login') 
def infringement(request, pk):   
      infringement = Infringement.objects.get(id=pk)
      if request.user.customer.id != infringement.customer.id:
          return HttpResponse('Your are not allowed here!!')
Answered By: Charlie G