Hi everyone,
I was wondering about the best practice in functionality conditioning (frontend only, or both in frontend and backend), in my case in terms of allowing certain users to perform certain operations on a website.
For example, the scenario I have is: an auction-like website, where logged-in users can add items to their watchlist, and can remove items from their watchlist.
When rendering each auction item page, using Django template conditional tags and `{% if user.is_authenticated %}`, I can ensure the following:
- only logged-in users can perform these functionalities,
- users that are not the owner can add the item to their watchlist, given the item is not already in their watchlist
- users who have the item on their watchlist can only remove it.
My question is:
Is it needed in my views for these add/remove to watchlist functions to ensure the same conditions, in case someone accesses the routes not through the HTML?
Thank you in advance for the help!
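A framework-free sketch of what enforcing those same three rules in the view layer looks like, as an added example rather than code from the post above. The user, item and watcher set are modelled with plain dataclasses (assumed names, standing in for Django's `request.user` and a many-to-many field), and each function returns the status a view would turn into a login redirect, a 403 or a normal response, so the rules the template hides behind `{% if %}` are re-checked where a direct request to the route actually lands.

```python
# Added example (not from the original post): server-side enforcement of the
# watchlist rules, independent of whatever the template chose to render.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    id: int
    is_authenticated: bool = True


# Constructed stand-in for request.user when nobody is logged in.
ANONYMOUS = User(id=0, is_authenticated=False)


@dataclass
class AuctionItem:
    id: int
    owner_id: int
    # ids of users watching this item (stands in for a ManyToManyField)
    watchers: set = field(default_factory=set)


def add_to_watchlist(user: User, item: AuctionItem) -> tuple[int, str]:
    """Return (HTTP status, message); a Django view maps this to a response."""
    if not user.is_authenticated:
        return 302, "redirect to login"  # what @login_required would do
    if user.id == item.owner_id:
        return 403, "owners cannot watch their own item"
    if user.id in item.watchers:
        return 409, "already on watchlist"
    item.watchers.add(user.id)
    return 200, "added"


def remove_from_watchlist(user: User, item: AuctionItem) -> tuple[int, str]:
    """Only a user who actually has the item on their watchlist may remove it."""
    if not user.is_authenticated:
        return 302, "redirect to login"
    if user.id not in item.watchers:
        return 403, "item is not on your watchlist"
    item.watchers.discard(user.id)
    return 200, "removed"
```

Because the checks live in the functions the route calls, a request that skips the rendered page entirely (a hand-built POST to the add or remove URL) gets the same answer the template would have given.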