I have a form ReviewForm that allows one user to review another user (source of the review and target of the review). I would like to check that the user does not review herself and I think the place to do that should be in the ReviewForm itself. However, the two users (source and target) are not part of the form since they are selected through the UI before. What is the cleanest way of doing this? Right now I am doing the validation in the view but I don't find that nice.
class ReviewForm(forms.ModelForm):
class Meta:
model = models.Review
fields=["title", "content"]
class Review(models.Model):
title=models.CharField(max_length=50,blank=True)
content=models.TextField(blank=True)
source=models.ForeignKey(Profile,related_name="reviews_by")
target=models.ForeignKey(Profile,related_name="reviews_of")
def new_review(request,profile_id):
form=ReviewForm()
if request.method=='POST':
review=models.Review()
review.source=request.user.profile
review.target=models.Profile.objects.get(id=profile_id)
form = ReviewForm(request.POST, instance = review)
if request.user.profile.id == int(profile_id):
form.errors["__all__"]= "Don't review yourself!"
if form.is_valid():
form.save()
return redirect(reverse("profile"))
else:
return render(request,"reviews/new.html",{"form":form})
return render(request,"reviews/new.html",{"form":form})
Thank you.
Try this:
class ReviewForm(forms.ModelForm):
def clean(self):
if self.instance.source == self.instance.target:
raise forms.ValidationError("You cannot review your entity")
return super(ReviewForm, self).clean()
class Meta:
model = models.Review
fields=["title", "content"]
Related
Here is my simplified "ProjectCreate" ClassBasedView :
class ProjectForm(forms.ModelForm):
class Meta:
model = Project
fields = ['name', 'creation_date', 'price']
class ProjectCreate(LoginRequiredMixin, SuccessMessageMixin, CreateView):
model = Project
form_class = ProjectForm
success_message = "Project successfully created"
success_url = "project-list"
def get_form(self, form_class=None):
form = super(ProjectCreate, self).get_form(form_class)
form.fields.pop('creation_date')
return form
def form_valid(self, form):
if form.instance.name == "not_valid_name":
return super().form_invalid(form)
form.instance.last_editor = self.request.user
form.instance.last_modification_date = datetime.datetime.now()
return super().form_valid(form)
I want to create the project only if the name isn't "not_valid_name"
If the name is "not_valid_name", i want to display an error message (saying that the name isn't valid), and bring back the user to the 'project create' page
If you need any additional informations to understand my problem, don't hesitate to ask me.
Thanks :)
You can achieve this at different levels:
at the Form level: here is the link to the corresponding page in the documentation. In short, use the clean method of the field name, the following code should be easy to understand:
from django import forms
from ??? import Project
class ProjectForm(forms.ModelForm):
# I assume you already have some code here
def clean_name(self):
name = self.cleaned_data.get("name")
if name in ["invalid_name_1", "invalid_name_2"]: # etc.
raise ValidationError("Forbidden value for this field.")
return name
class Meta(forms.ModelForm.Meta):
model = Project
With this code (and a few lines more in the template), this is what the client will see:
at the Model level: you could use a custom validator. Check this page for further information, it's quite well written.
at the View level, as you were trying to do, there should be a way, but I think it's not the best solution because it's cleaner to keep the validation logic in the form & model fields. A reason for that, for instance, is that you might be willing to keep the same constraint in the admin app when editing your Project instances. Here's a hint if you prefer that alternative: this page lists all available & useful methods in a CreateView.
I have started learning Django recently using a Udemy course. While going through the course instructor asked to save values from a Form to database.
After searching on the internet I figured out how to put form values into database and everything is working fine. Below is my views.py and forms.py files.
forms.py
class FormName(forms.Form):
fname = forms.CharField( label="First Name")
lname = forms.CharField(label="Last name:")
email = forms.EmailField()
verify_email = forms.EmailField(label='Verify Email:')
def clean(self):
all_clean_data = super().clean()
email = all_clean_data['email']
vmail = all_clean_data['verify_email']
if email != vmail:
raise forms.ValidationError("Check the emails")
views.py
def signup(request):
form = forms.FormName()
if request.method == 'POST':
form = forms.FormName(request.POST)
if form.is_valid():
post = User()
post.fname=request.POST.get('fname')
post.lname=request.POST.get('lname')
post.email=request.POST.get('email')
post.save()
return render(request,'third_app/greet.html')
else:
return render(request,'third_app/oops.html',{'form':form})
return render(request, 'third_app/signup.html',{'form':form})
Now coming to question, the instructor is using Meta class to store the form values to the database. Below are his forms.py and views.py files. I am curious about what the difference is between my method and the instructor's.
forms.py
class FormName(forms.ModelForm):
class Meta():
model = User
fields = 'all'
views.py
def signup(request):
form = forms.FormName()
if request.method == 'POST':
form = forms.FormName(request.POST)
if form.is_valid():
form.save(commit=True)
return render(request,'third_app/greet.html')
else:
return render(request,'third_app/oops.html',{'form':form})
return render(request, 'third_app/signup.html',{'form':form})
Thanks.
The Django docs explain this very well. It's what is known as a ModelForm:
If you’re building a database-driven app, chances are you’ll have forms that map closely to Django models. For instance, you might have a BlogComment model, and you want to create a form that lets people submit comments. In this case, it would be redundant to define the field types in your form, because you’ve already defined the fields in your model.
For this reason, Django provides a helper class that lets you create a Form class from a Django model.
So, to answer your question, your method uses a regular form (forms.Form) where you define the form fields, perform validation and then save each field individually in your view. When using form.ModelForm, field validation and saving is taken care of for you. Seeing as you have already defined what your fields are, the ModelForm uses this to perform the validation. The save() method conveniently saves each field to the database.
I am trying to extend the user model using a one to one relationship to a UserProfile model. I added some boolean fields and in the view I am trying to use those fields as permissions.
Here is my model:
class UserProfile(models.Model):
user = models.OneToOneField(User)
FirstName = models.CharField(max_length=25)
LastName = models.CharField(max_length=25)
ProximityAccess = models.BooleanField(default=True)
NewProxAccess = models.BooleanField(default=False)
def __unicode__(self):
return self.user.username
and here is the view I am trying to use:
#login_required
def NewProx(request):
if UserProfile.NewProxAccess:
if request.method == 'POST':
form = ProxForm(request.POST)
if form.is_valid():
ProxPart_instance = form.save(commit=True)
ProxPart_instance.save()
return HttpResponseRedirect('/proximity')
else:
form = ProxForm()
return render(request, 'app/NewProx.html', {'form': form})
else:
raise PermissionDenied
I don't get any error messages but it does not work as intended. I was hoping that if the user profile had NewProxAccess set to False it would raise the PermissionDenied but it doesn't. I have the admin module wired up and I can select or deselect the checkbox for that field but it has no effect. If I comment out the rest I can get it to show the Permission Denied error so it has to be in the view (I think). I think I am missing a line the establishes the logged in user as the user instance so we can check to see if the user has the permission or not. I know there are a ton of ways to do this and there is probably a better way but for the sake of learning, what is it that I am missing for this to work?
Thanks
Scott
As you want to check access for particular profile but not UserProfile model you need to do:
if request.user.userprofile.NewProxAccess:
# your code
As a note: according to PEP8 best practices you should use camelCase only for naming Classes. For attrs, functions use underscore: my_function
I run into this pattern all the time and I'm wondering if there's a better way to handle it. Lots of my models contemplate the idea of 'creator' - in other words, I want to make sure the user who created the object is saved as the creator. As such, my models almost always include
creator = models.ForeignKey(User)
There doesn't seem to be a way of defaulting this user to the user who created it (request.user). As such I find myself building model forms and adding creator as a HiddenInput()
class MyModelForm(ModelForm):
class Meta:
model = MyModelForm
fields = ['name', 'creator']
widgets = {
'creator': HiddenInput()
}
and then binding the form in the view with initial
form = MyModelForm(initial={'creator': request.user})
and checking on POST to make sure no one dickered with the form (full view):
def create(request):
form = MyModelForm(initial={'creator': request.user})
if request.method == 'POST':
if int(request.POST['creator']) != int(request.user.id):
return render(request,'500.html', {'message':'form tampering detected'})
form = FeedGroupForm(request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('index'))
return render(request, 'mymodelformpage.html',{'form':form})
I'm fine with this but it seems like an anti-pattern. It strikes me that there ought to be a way to default the creator in the model.
creator = models.ForeignKey(User, default=request.user)
Or do it in a post_save perhaps?
No, this is not the right way. The correct way is to exclude the creator field from the form, then set it on save:
if form.is_valid:
obj = form.save(commit=False)
obj.creator = request.user
obj.save()
... redirect ...
I have a admin form with custom validation. Some of the form fields are displayed in the list view via list_editable. When I modify these fields via the list view the custom validation does not kick in. It does work when I use the regular change form, though. So the question is how do I validate changes done via the "change_list" page.
The code might make it clearer
class ProjectForm(ModelForm):
class Meta:
model = Project
def clean(self):
print "validating!"
data = self.cleaned_data
if data.get('on_frontpage') and not data.get('frontpage_image'):
raise ValidationError('To put a project on the frontpage you must \
specify a "Frontpage image" first.')
return data
class ProjectAdmin(AdminImageMixin, DisplayableAdmin, SortableAdmin):
form = ProjectForm
...
list_editable = ("status", "on_frontpage",)
list_display = ("title", "status", "on_frontpage")
Thanks!
Found it. One can specify the form used on the "change_list" page by overriding "get_changelist_formset" method in ModelAdmin:
https://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L524
Override the ModelAdmin.get_changelist_formset(request, **kwargs) method:
from django.forms import BaseModelFormSet
class MyAdminFormSet(BaseModelFormSet):
pass
class MyModelAdmin(admin.ModelAdmin):
def get_changelist_formset(self, request, **kwargs):
kwargs['formset'] = MyAdminFormSet
return super().get_changelist_formset(request, **kwargs)
For more details please check the Django admin site documentation.
I think #Jorge Barata's is the correct answer, thank you very much.
Please allow me to attach a success example here.
class MyAdminFormSet(BaseModelFormSet):
def clean(self):
form_set = self.cleaned_data
for form_data in form_set:
if form_data['field1'] != form_data['field2']:
raise forms.ValidationError(f'Item: {form_data["id"]} is not valid')
return form_set
Tested on Django 2.2