{% if show_approval %}
<span>Approvals</span></a>
{% endif %}
I've to create this certain if condition in the html, where this Approvals would be visible for certain users, i've code for this in the python file
context_data = {'show_approval': self.is_approval_supported()}
I've to write a function to show it for this user only.
where request.user == 'abcd#mail.com'
i'm not sure how should i be writing this, i tried like this, but it ain't working.
def is_approval_supported(request,self):
if request.user == 'abcd#mail.com':
return True
else:
return False
The problem lies here:
if request.user == 'abcd#mail.com':
request.user returns an object of the current user type (Basically if you see the type <class 'django.utils.functional.SimpleLazyObject'>
), not a string.
So try to use like this instead:
if request.user.email == 'abcd#mail.com':
Related
I need to restrict access to a template in Django. This is the scenario:
A guest user uses a form
If the form is validated and fine send the user to the example.com/success/ url.
If the guest user tries to send that link example.com/success to a friend. The friend will see that page as a 404.
I have no clue how to achieve this. Any ideas?
Instead of going to a different URL (/success/), you could just show something different when the form was properly filled. For example, in your view:
def my_view(request, ...):
form = ...
show_success = False
if ... post method ...:
if form.is_valid():
... save etc. ...
show_success = True
return render(request, ..., {'show_success': show_success})
In your template:
{% if show_success %}
Success message here
{% else %}
Form here
{% endif %}
I'm using Django 1.5. I have a template with multiple forms: one driver has many cars (inline forms). I want to display a hint indicating which section contains errors.
The template:
{% if driver_form.is_bound and not driver_form.is_valid %}
Please correct errors in the Driver Data.
{% endif %}
{% if car_form.is_bound and not car_form.is_valid %}
Please correct errors in the Car Data.
{% endif %}
The problem is that if the first form is invalid, the second message pops up as well, even though the second form is valid. I also noticed that if I put {{ car_form.is_valid }} three times in a row, the first time it is empty, the next time (and following) it is True.
The original view:
if request.method == 'POST':
driver_form = DriverModelForm(request.POST)
car_form_set = CarInlineFormSet(request.POST) # wrong: no instance passed
if driver_form.is_valid():
driver = driver_form.save(commit=False)
car_form_set = CarInlineFormSet(request.POST, instance=driver)
if car_form_set.is_valid():
driver.save()
car_form_set.save()
else:
driver_form = DriverModelForm()
car_form_set = CarInlineFormset()
return render(request, 'template.html', {
'driver_form': driver_form,
'car_form_set': car_form_set
})
UPDATE:
It seems that for simplicity's sake I left out the details that actually caused the problem. Lesson learned.
There was a Javascript setting values on page load, while it only needed to be done on a dropdown change. It was hiding the erroneous values and causing the form to be valid next time around.
There is a dependency: driver_form is a model form, and car_form_set is an inline form set based on the instance that the driver_form is adding.
The problem was indeed in the view, as seddonym suggested: the car_form_set was not being initialized with an instance if the driver_form was invalid. So is_valid() was neither True nor False. Conclusion: using is_valid() in the template works just fine.
The fixed view:
driver = Driver()
if request.method == 'POST':
driver_form = DriverModelForm(request.POST, instance=driver)
if driver_form.is_valid():
driver = driver_form.save(commit=False)
car_form_set = CarInlineFormSet(request.POST, instance=driver)
if car_form_set.is_valid():
driver.save()
car_form_set.save()
else:
driver_form = DriverModelForm(instance=driver)
car_form_set = CarInlineFormset(instance=driver)
return render(request, 'template.html', {
'driver_form': driver_form,
'car_form_set': car_form_set
})
You don't need to call form.is_valid, that will already have been called by the view. Instead, check for errors:
{% if first_form.errors %}
Please correct errors in the First Form.
{% endif %}
{% if second_form.errors %}
Please correct errors in the Second Form.
{% endif %}
I have this models in Django:
News
Comments
Reactions
Relations are:
a News has various Comments
a Comment has various Reactions
The problem is the user (in request / session): the user may subscribe to a reaction, or a comment; he may be logged in or not. (it's a foo example, it doesn't have much sense)
I can't do in template:
{% for reaction in this_news.comments.reactions %}
{{ reaction.name }}
{% if reaction.user_subscribed %} #reaction.user_subscribed(request.user)...
You have subscribed this reaction!
{% endif %}
{% endfor %}
Problems are:
I can't call the method in the template with a parameter (see the comment above)
Models don't have access to request
Now i'm calling an init_user method in News Model, passing the request. Then i have the same method in Comment and Reaction model, and i have to set the user_subscribed property cycling the children of each model.
Isn't there a smarter way to do this?
EDIT: thanks to the Ignacio's hint about using custom tag i'm trying to do a generic mode to pass the user (avoiding the use of closures because i don't know how to use them atm):
def inject_user(parser, token):
try:
# split_contents() knows not to split quoted strings.
tag_name, method_injected, user = token.split_contents()
except ValueError:
raise template.TemplateSyntaxError("%r tag requires exactly three arguments" % token.contents.split()[0])
return InjectUserNode(method_injected, user)
class InjectUserNode(template.Node):
def __init__(self, method_injected, user):
self.method_injected = template.Variable(method_injected)
self.user = template.Variable(user)
def render(self, context):
try:
method_injected = self.method_injected.resolve(context)
user = self.user.resolve(context)
return method_injected(user)
except template.VariableDoesNotExist:
return ''
When i use it {% inject_user object.method_that_receives_a_user request.user %} i come to this error 'str' object is not callable in method_injected(user); how i can fix that?
Write custom template tags that take the user and set a context variable to indicate presence or absence of the criterion.
I've resolved it in a less elegant way, but it worked for me.
I've created a sort of singleton in my User defined class, with a property that i set in every view i need it.
The property is User.current.
Then, inside the models, where i need that i get the current user looking in User.current.
I'm implementing a custom permissions application in my Django project, and I'm lost as to how to implement a custom template tag that checks a logged in user's permissions for a specific object instance and shows a piece of HTML based on the outcome of the check.
What I have now is (pseudocode):
{% check_permission request.user "can_edit" on article %}
<form>...</form>
{% endcheck %}
('check_permission' is my custom template tag).
The templatetag takes in the user, the permission and the object instance and returns the enclosed HTML (the form). This currently works fine.
What I would like to do however, is something like:
{% if check_permission request.user "can_edit" on article %}
<form>...</form>
{% else %}
{{ article }}
{% endif %}
I've read about the assignment tag, but my fear is that I would pollute the context variable space with this (meaning I might overwrite previous permission context variables). In other words, as the context variables are being defined on different levels (the view, middleware in my case, and now this assignment template tag), I'm worried about maintainability.
You can use template filters inside if statements. So you could rewrite your tag as a filter:
{% if request.user|check_can_edit:article %}
Note that it's tricky to pass multiple arguments of different types to a filter, so you'll probably want to use one filter per permission, above I've used check_can_edit.
You can definitely do that if you're willing to write some more lines of python code to improve your template readability! :)
You need to parse the tag content yourself, even the parameters it takes and then resolve them, if you want to use variables on them.
The tag implemented below can be used like this:
{% load mytag %}
{% mytag True %}Hi{% else %}Hey{% endmytag %} Bro
Or with a variable:
{% mytag myobject.myflag %}Hi{% else %}Hey{% endmytag %} Bro
So, here's the way I did it:
from django.template import Library, Node, TemplateSyntaxError
register = Library()
#register.tag
def mytag(parser, token):
# Separating the tag name from the "test" parameter.
try:
tag, test = token.contents.split()
except (ValueError, TypeError):
raise TemplateSyntaxError(
"'%s' tag takes two parameters" % tag)
default_states = ['mytag', 'else']
end_tag = 'endmytag'
# Place to store the states and their values
states = {}
# Let's iterate over our context and find our tokens
while token.contents != end_tag:
current = token.contents
states[current.split()[0]] = parser.parse(default_states + [end_tag])
token = parser.next_token()
test_var = parser.compile_filter(test)
return MyNode(states, test_var)
class MyNode(Node):
def __init__(self, states, test_var):
self.states = states
self.test_var = test_var
def render(self, context):
# Resolving variables passed by the user
test_var = self.test_name.resolve(context, True)
# Rendering the right state. You can add a function call, use a
# library or whatever here to decide if the value is true or false.
is_true = bool(test_var)
return self.states[is_true and 'myvar' or 'else'].render(context)
And that's it. HTH.
In Django 2 the assignment tag was replaced by simple_tag() but you could store the custom tag result as a template variable:
# I'm assuming that check_permission receives user and article,
# checks if the user can edit the article and return True or False
{% check_permission user article as permission_cleared %}
{% if permission_cleared %}
<form>...</form>
{% else %}
{{ article }}
{% endif %}
Check the current doc about custom template tags: https://docs.djangoproject.com/en/2.1/howto/custom-template-tags/#simple-tags
inside my_tags.py
from django import template
register = template.Library()
#register.simple_tag(takes_context=True)
def make_my_variable_true(context):
context['my_variable'] = True
return '' # without this you'll get a "None" in your html
inside my_template.html
{% load my_tags %}
{% make_my_variable_true %}
{% if my_variable %}foo{% endif %}
In this case best solution is to use custom filter. If you don't want write long code for custom tag. Also if you don't want to copy/paste others code.
Here is an example
Inside templatetag
register = template.Library()
def exam_available(user, skill):
skill = get_object_or_404(Skill, id=skill)
return skill.exam_available(user)
register.filter('exam_available', exam_available)
Inside template
{{ request.user|exam:skill.id }}
or
{% if request.user|exam:skill.id %}
Since one of the main common of it is to use request.user or any specific object(id) inside model's custom method, so filtering that individual object or user is the easiest way to make it done. :)
I'm trying, in vain, to create a simple Django template tag to either show or hide a "delete" link next to a submitted comment on my site.
In a nutshell, I want to pass the comment object to the template tag, determine if the currently logged in user is authorized to delete the comment and then either show or not show the link.
The usage in my template would be like so:
{% load access_tags %}
{% if_authorized comment %}
Delete
{% endif_authorized %}
Rest assured that I also check in the appropriate view if the user is authorized to delete the comment.
Does this type of tag have a specific name? It would certainly help me with my Google searches if it did. Thanks for your help!
UPDATE 1:
The way my site works, two people are potentially authorized to delete a comment: 1) the comment creator and 2) the owner of the post where the comment was left. Because of this, I need to determine, per comment, if one of those conditions is present.
I don't think I can use something like Django's built-in permission sytem, since it requires that permissions "be set globally per type of object, no per specific object instance".
In my case, user "Bob" may have permissions to delete a comment (if he wrote it or it is on a post he created), but he also may not be allowed to delete it (if he is looking at a comment on someone else's post).
UPDATE 2:
It appears that you can't pass objects to a template tag, only strings: "Although you can pass any number of arguments to a template tag using token.split_contents(), the arguments are all unpacked as string literals." I guess I'll pass the id of the comment object in question and pull it in the tag.
I was wrong about this, just have to access the passed in object like:
self.comment.resolve(context).user
vs.
self.comment.user
OK, this is how I did it...
The tag is used like this in the template:
{% load access_tags %}
{% if_authorized comment.user object.user user %}
Delete
{% endif_authorized %}
The template tag file is called "access_tag.py" and is in my app's "templatetags" directory. This is the contents of "access_tag.py":
from django.template import Node, NodeList, TemplateSyntaxError
from django.template import Library, Variable, VariableDoesNotExist
register = Library()
def do_if_authorized(parser, token):
"""
Outputs the contents of the block if the 'comment owner' or the
'page owner' is also the 'authenticated user'. As well, you can use
an {% else %} tag to show text if the match fails.
Takes three parameters:
1) the comment owner
2) the page owner
3) the current authenticated user
"""
bits = token.contents.split()
if len(bits) != 4:
raise TemplateSyntaxError("%s tag takes three arguments: \
1) the comment owner \
2) the page owner \
3) the current authenticated user" % bits[0])
nodelist_true = parser.parse(('else', 'endif_authorized'))
token = parser.next_token()
if token.contents == 'else':
nodelist_false = parser.parse(('endif_authorized',))
parser.delete_first_token()
else:
nodelist_false = NodeList()
return IfAuthorizedNode(bits[1], bits[2], bits[3], nodelist_true, nodelist_false)
class IfAuthorizedNode(Node):
def __init__(self, comment_owner, page_owner, authenticated_user, nodelist_true, nodelist_false):
self.nodelist_true = nodelist_true
self.nodelist_false = nodelist_false
self.comment_owner = Variable(comment_owner)
self.page_owner = Variable(page_owner)
self.authenticated_user = Variable(authenticated_user)
def render(self, context):
try:
comment_owner = self.comment_owner.resolve(context)
page_owner = self.page_owner.resolve(context)
authenticated_user = self.authenticated_user.resolve(context)
except VariableDoesNotExist:
return ''
if comment_owner == authenticated_user or page_owner == authenticated_user:
return self.nodelist_true.render(context)
else:
return self.nodelist_false.render(context)
register.tag('if_authorized', do_if_authorized)
Done. In the end, it would have been pretty easy to just use the built-in {% if %} tag to do this comparison, but since I'll have other per-object authorizations to do, I will continue to build out these custom "access_tags". Plus, the template code looks so much tidier :)
There already exists a project that aims to do what you would like to do.
django-authority allows for fine grain control over permissions in templates.
Django 1.2 also contains user permissions in templates, too.
how about this... create a custom tag that writes a variable in the context, then test that variable using {% if %}
it'd be something like this:
{% check_access comment %}
{% if has_access %}
Delete
{% endif %}
of course the "check_access" tag would write the "has_access" in the context.
Good Luck