I am trying to create an album in some Facebook test users using V2.2. I tried couple of APIs (as below)
POST http://graph.facebook.com/{user-id}/albums (passed "Name" field with value)
POST http://graph.facebook.com/v2.2/me/albums (passed "Name" field with value)
As a response I get some "id". I believe that's the album id. But when I cross check using client by login in to user account -> Photos, I don't see any album created there.
Can somebody assist with the same?
Related
This question is probably trivial, but I am unable to see a simple solution.
I have custom page model representing Post:
class PostPage(Page):
I would like to make all instances of this model (all Posts) accessible only with url prefix
/posts/
Example:
User creates new Post, the assigned slug will be
awesome-first-post
What should happen is, that
/awesome-first-post/
will result in 404, while
/posts/awesome-first-post/
will display the post.
Note: I want this prefix only for the specific model Postpage. Other pages should be served directly from their slug.
In Wagtail, page URLs are formed from the list of slugs of the page's parent and ancestor pages, based on the page's position in the tree - the developer doesn't specify them directly. So, to get the URL /posts/awesome-first-post/, create a page with the slug posts (usually you'd create a dedicated PostIndexPage page model to serve as a listing page), and create the page awesome-first-post as a child of that one (by clicking the '+' icon next to the Posts page in the explorer listing view).
If you want to make sure that users only ever create PostPages as children of the PostIndexPage, use a subpage_types / parent_page_types setting, for example:
class PostPage(Page):
# ...
parent_page_types = ['PostIndexPage']
I have a table called 'users' and 'location'. Users table has a foreign key that relates to location table. I have a users serializer to get the JSON. What would I do to get the hyperlinks for the users table using its primary key?
In django rest framework documentation, I couldn't find a solution. I tried using hyperlinkrelatedfield. But still I couldn't achieve this. Can someone help me in finding the solution?
Using rest-framework HyperlinkedRelatedField does not work because it was never built to expose the URL of the object being requested. Mainly because since the client already has the url of the user, why send it back again? Nevertheless you can achieve this by doing something like this.
class UserSerializer(serializers.ModelSerializer):
user_url = serializers.SerializerMethodField()
class Meta:
model = User
def get_label_location(self, obj):
return HyperlinkedRelatedField(view_name='user-detail',
read_only=True) \
.get_url(obj, view_name='label-detail',
request=self.context['request'], format=None)
Take note on a few things,
view-name param to the HyperlinkedRelatedField should be based on your url configuration
read-only has to be true since otherwise you'll have to specify the queryset. But since we have the object needed to generate the url we can ignore that.
I've set format param to None but you might want to set it based on your settings.
You can read up about SerializerMethodField here.
Whenever there are facebook notifications a red indicator appears until the notifications have been viewed for the first time.
How could I implement something similar on my site (preferably with django if anything needs to be done server-side)?
The simplest approach would be:
Have a field in the models for viewed_at which is nullable. Once viewed, set the date. If no value is set, that means the user has not viewed it yet.
If there are multiple users whom this feature needs to be extended to, have a foreign key reference:
class MyViewableObject(models.Model):
#fields
class MyViewableViewedBy(models.Model):
user = models.ForeignKey(User)
viewable = models.ForeignKey(MyViewableObject)
Now, when MyViewableObject is viewed, in the view method, create an association for the request.user in the MyViewableViewedBy model.
The user has not viewed if there is no corresponding user entry for the object in the model MyViewableViewedBy
Sorry, I am still new to Django, hopefully the question isn't out of place.
When I have the following in my template:
<td>{{ item.last_name }}</td>
By clicking on last name the user will be redirected to the following link in order to edit it.
http://127.0.0.1:8000/contact/edit/?id=1
But then what prevents any logged in user to just inject a different id in there on the browser and edit a record that doesn't belong to him?
Update
I just had an idea when I read the comment and answer below. Rather than using a third party app, couldn't I just create a UserProfile for each user and attach a unique company wide uuid.uuid1(). Each time a loggedin user attempts to edit something, his unique company uuid will be also passed in the link as an additional parameter.
On the edit side, it would harvest this guid and compare it against the logged in user and see if they match. If they do match, he is authorized to proceed with the editing, otherwise he will be redirected.
What do you think? Any weaknesses?
If you use Django's new class based views, e.g. the generic UpdateView, you can extend the dispatch handler.
def dispatch(self, request, *args, **kwargs):
handler = super(MyEditView, self).dispatch(request, *args, **kwargs)
# Only allow editing if current user is owner
if self.object.author != request.user:
return HttpResponseForbidden(u"Can't touch this.")
return handler
In this case, the code verifies that the author field of the model object corresponds to the currently logged in user, before even handling the rest of the request.
You can see a reallife example of this in a project of mine.
When you're using Django auth, always rely on the session mechanism to identify an user instead of making some other id such as uuid1() (except, for example, when you need extra sessions in an e-commerce site under HTTPS).
For the permission part, you could check the ownership directly, mainly as described by Koliber Services. The relationships between Company, User and Contact are crucial for the logic of permission checking. There are many ways to model the relationships and thus the code would differ much. For example:
# a modeling way
User.company -> Company : an user belongs to a company
Contact.contributor -> User : a contact is contributed by an user, would be invalid is user is leaving the company
# could check accessibility by
can_view = contact.contributor.company_id == current_user.company_id
# another modeling way
User.company -> Company : an user belongs to a company
Contact.company -> Company : a contact info is owned by a company, does not share globally
# could check accessibility by
can_view = contact.company_id == current_user.company_id
When can_view is False, user should get a 403 for his unauthorized attempting and get logged.
Normally the above method is enough for content protection(not yet in Django Admin). However, when you have many different types of permission checking and even row-permission checkings, it's better to use some uniform permission API.
Take Django-guardian for example, you could simply map companies to groups and assign can_view permission for a contact for the group representing the user's company. Or, assign the can_view permission to all users in a company when a contact is created by using signal or celery task.
Furthermore, you could use /contact/1/edit/ instead of /contact/edit/?id=1. In this way the int(request.GET('id')) part is moved to urlconf like r'^contact/(?P<pk>\d+)/$', less code and much clearer.
There are some third-party apps that does what you want, its called "row-level permission" where you can give different users different access to specific objects, "Row level" comes from SQL where each object is a row in the database
I use django-guardian to do the job
In the function handling the saving of the data, check to see if the object being edited has the same ID as the presently logged in user.
For example, if the object in question is called EmailPrefs and it has a field called user_id:
Load the EmailPrefs object with the ID of the object being edited
If the user_id does not match the current user, stop further processing
Modify the EmailPrefs object
Save the EmailPrefs object to the database
I have a form in which the user selects a few items to display on "the following page". This selection is always unique, and we will store each set of selections made using a model, indexed by the id as is par with Django models. When the user selects her choices and POSTs using the submit button, I would like for our application to store her selections in the model, and then render a page with the id of the model so that the user can get back to the page she created at any point with a simple GET request.
For example, the user goes to /coolapp/selectprefs/, makes a few selections, and clicks submit. The user should then be taken to /coolapp/selections/42 given that when the user submitted and created the record, the record was given an id of 42.
What I don't understand is how to send the user to "the following page" as a response (e.g., /coolapp/selections/42 in the above example) after she clicks the submit button. Taking a user to a page of a unique ID based on what she entered seems like a common task (e.g., it will happen when I click the button to submit this question on SO), but I'm not sure how to go about doing it, and would appreciate your advice.
Return a HttpResponseRedirect from your view that handles the POST.