I have seen some posts like Making form fields - read only or disabled in DJANGO updateView use custom form on an UpdateView to make some fields as read only fields. However, the form object is not accessible for request.user object. If I want to make some fields read-only only for some user group, is there way to do it under UpdateView?
Related
I'm using Django 2.1.5 and have been using the list_display in ModelAdmin-based classes to limit what our superusers can see in the admin pages. There is some sensitive data that only the user should have access to.
Say I have a app based on model SensitiveObject with id, name, secret, etc., I can simply exclude secret from the list_display and it will never show up in the Admin page. However, when I browse to /admin/full/myapp/sensitiveobject/ I will have a list of those object IDs and can simply go to /admin/.../sensitiveobject/<id>/change/ which will show all of the fields, including the ones that I excluded from list_display.
Is there a way to limit what I'm seeing in the /change/ endpoint, as well?
The fields attribute of your ModelAdmin is what defines the fields that are displayed on the change form for each object.
You can make this dynamic you can override the method get_fields:
def get_fields(request, obj=None):
fields = [] # Default list of fields
if request.user.passes_some_test():
fields.append() # The secret field
return fields
I'm migrating something from an old PHP/apache server to Django. I'm a bit stumped with the 'ModelForm'.
As far as I understand, a "Model" is the abstraction for persistent elements in my website/server - specifically this is something stored physically, say in a database, and defines the fields (read columns) in the DB.
I started moving the authentication part of the site, and discovered models, and specifically the User model (I made an empty User inheriting AbstractUser just in case I will ever need to extend things). Now I want to create a simple two field form, to authenticate login.
The form:
Username (which is a field of User, by default)
Password (Which is not).
Even the 'Username' needs a redefinition in the model form. So my questions:
What is the advantage of the model form (over just a form)? - seems like you're redefining fields anyway, and obviously sometimes adding fields on top of the model.
Specifically for authentication, I probably need to store my salted hash associated with the user somehow, compare my password using that and retrieve the user object. This is something I find very hard to find in the Django docs - they just have too much written on authentication, and not one full code example. Do I put this in the "validate" method of form, retrieving there an object and storing it in a session or something?
If there is a deeper relation between a model form and the associated model, I would like to know as well.
Simple django forms and modelforms have quite differences.
class ArticleForm(ModelForm):
class Meta:
model = Article
fields = ['pub_date', 'headline', 'content', 'reporter']
The above example illustrates that you don't have to write any form field in here. The model form will itself create a form which is based on the attributes provided in the model ('Article' in this example).
If you create a simple django form then it would be something like:
class ArticleForm(forms.Form):
some_field = forms.CharField(some_attrs)
...
The django User model provides you everything you need for authentication. When you want to create users just import django.contrib.auth.models.User and use create method to create objects. Then when you want to authenticate a user use authenticate method.
from django.contrib.auth import authenticate, login
def user_login(request):
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(request, username=username, password=password)
# after authentication login the user or set cookies or modify the session or some other action can be taken
return HttpResponse("Some response or use render for html page")
username and password will be coming from your post request.
If you want to extend default Django user model you can use django user model as onetoonefield in your extended model.
class AppUser(models.Model):
user = models.OneToOneField(User)
... # other custom fields
I am new to mezzanine cms. I have some questions about the form page.
In the admin interface, I added a form page. On the bottom of the form page, there is a "meta" section which I can add some fields to the form page I created. My questions are:
1) for the meta fields I added, can I save the values of the fields
in the database?
2) can the meta fields be from a database table fields? For example,
I have a user profile model, can I use the fields in the profile
model as meta fields in the form page? and how?
3) what are the purposes of the form page in mezzanine cms?
Thank you!
Mezzanine's Form page is for when you don't want to define your own model. It dynamically constructs a model to save entered data and potentially email it someplace. This is appropriate if the form is defined by a non-programmer admin or if the only purpose of the form is to collect data and send it somewhere.
However, this is probably not a good choice if the purpose is to use the data in your application. For that, it is better to define your own model and use django's ModelForm.
I'm using a customized form in the admin, with many readonly fields depending on logged in user's permissions.
Now, if I try to save the form logged in as a non-supersuser, I have a this field is required error for all required fields that are readonly.
It's really strange since I never experienced this before.
Any help on that?
I'm trying to implement a reusable form that users can download the source code in HTML which was site generated for them by the site. They can also create their forms using an interface where they get to choose the fields they want and rank them so the highest would appear first in the downloadable form.
They can then use the form in their sites to gather customer data and when the form gets submitted, the action parameter points back to our site so we can store the information on our servers.
Now, my question is, how can I save a Django Field object in my database? This is so I can store the forms that the users created, especially the Fields that they chose.
I need to store the Fields so that I can create a generic Django ModelForm and the users can save the Fields of that ModelForm in their downloadable forms. So when they submit back the information to us I can feed the information straight to the ModelForm (since the Fields would be recognizable) and do some further validation.
Also I have to add some basic javascript validations (like validation.js) for each field (must be present when the user downloads the form), and I know it will be easier if I can save the Fields themselves.
You could pickle the Field object:
import cPickle
field = forms.CharField()
dump = cPickle.dumps(field) # serializes field as an ASCII string
my_model.stored_field = dump
To unpickle:
field = cPickle.loads(my_model.stored_field)
http://docs.python.org/library/pickle.html