I'm using the standard Django comments app in my project. If the User is logged in then the comment form still shows fields for user_name and user_email. If anything is entered into those, the data is saved to the database with the comment, along with the user_id of the logged-in User.
When the comment is displayed, the name of the logged-in User is shown, rather than the user_name entered into the comment form.
I would have expected the user_name and user_email fields to not be shown on the form if the User is logged in, as they're pointless in this situation. Is it supposed to behave like that way and I've done something wrong? If this is, bizarrely, standard behaviour, what's the very simplest way to hide these fields (or use the logged-in User's name/email) when the User is logged in? Thanks.
Keep in mind that generic Django apps are designed to be, well.. generic. They don't necessarily handle all the special cases.
If you want to change this form, you should write your own template. In the template, you can use !user.is_authenticated to add fields to the form (make sure you are using RequestContext).
Related
I was wonder if it is possible to include a way that when someone fill the user registration form to register, can the details be sent to an admin email for authorization before the user can login in django?
Since you did not provide any code I will guide you the process, you can later come back more specific question if you are stuck :
Use the field is_active provided by Django from the User model to authorised access within your website.
Extends the field is_active to set the default to False or set it to false in the begging of your user view
Create a link with the ID of the user and a path to the Django Admin where you can update the user and active to True
In short yes, possible and pretty easy if you know a bit of Django.
I am currently working on a website, and I wanted to know how do I check which user is logged in. Just to clarify I am using the Django built in models from django.contrib.auth.models import User to do my login, logout etc. What I don't know how to do is check which user is logged in, I know the method
if user.is_authenticated:
# Other code goes here
But this method only checks weather the user is logged in not which user is logged in?
You can find info about the logged user in the request.user method
Here an example if you want to know the username:
username = request.user.username
If you make use of the AuthenticationMiddleware [Django-doc] (this is the default if you create a new project), then this middleware will add a .user attribute [Django-doc] to the request. This is a lazy loaded user model object, or the AnonymousUser [Django-doc] if the user has not logged in.
But if tyhe user thus has logged in, this is a user model object just like any other. You thus can access fields, methods, etc. from that object, and use it when you create an object to let a ForeignKey refer to that user.
If you for example use the default User model [Django-doc], then you can access attributes like request.user.first_name, request.user.last_name, request.user.username, etc.
I'm using a customized form in the admin, with many readonly fields depending on logged in user's permissions.
Now, if I try to save the form logged in as a non-supersuser, I have a this field is required error for all required fields that are readonly.
It's really strange since I never experienced this before.
Any help on that?
In Django, I made a UserProfile class and linked it to the User with
user = models.OneToOneField(User)
That works fine, looks like this:
Where the UserProfile is visible (with only one field).
However, I am also using the list_editable option that I discovered today. I can get the User fields editable in list view, like this:
Very nice feature, but one I can find little information about.
What I want to do is add UserProfile fields to this list in an editable way (the email_verified field in the above example, to begin with).
Is that possible to do (without changing Django code)? If so, how would I do that?
Many thanks,
UPDATE: Seriously, how can I make the question more useful if I can't use links, images, nothing? Information about list_editable is in the Django help, hopefully Google helps.
You can use inheritance of User model and get rid from Profile. In my opinion this is better way. Here you can read about this: http://scottbarnham.com/blog/2008/08/21/extending-the-django-user-model-with-inheritance/
And then just add email_verified to list_editable
Okay, this one is pretty obvious to everyone who use Django and frequently asked by newbies, but I'd like to make it clear and discuss if there are any other ways to do it. The most widespread and convenient approach now is to store email in username field as Django 1.2 allows "#", "_" and "-" characters, but this way has following issues:
The worst one: username field is restricted by max_length=30 property, which is ridiculously small for emails. Even if you override form validation, DB will have varchar(30) instead of EmailField's varchar(75) unless you alter your table manually.
You need to store your email data both in username and email field to make User.email_user() working. I think there are some other places when User.email is used.
Code readability fail. Sure, other djangonauts know about this pitfall, but treating field called 'username' (especially when there is still email field) as email obviously makes your code less understandable.
The other approach could be authentication using email field by passing it to your auth backend like so, but it still has problems:
authenticate(self, email=None, password=None)
User.email doesn't have unique=True property, which means that your DB won't have index, making your lookups by email slow like hell.
You have to deal with username field, which has unique=True, by completely removing it from your table or altering it to allow NULL and removing index.
Resuming, both ways are evil and require DB-specific code to be executed after syncdb, which is unacceptable if you need DB-independent application.
I've packaged up django-email-as-username which should pretty much do everything you need if you're looking to remove usernames, and only use emails.
The brief overview is:
Provides an email auth backend and helper functions for creating users.
Patches the Django admin to handle email based user authentication.
Overides the createsuperuser command to create users with email only.
Treats email authentication as case-insensitive.
Under the hood usernames are hashed versions of the emails, which ends up meaning we're not limited to the Django's username 30 char limit (Just the regular email 75 char limit.)
Edit: As of Django 1.5, you should look into using a custom User model instead of the 'django-email-as-username' package.
David Cramer came up with a solution to this problem that I love. I'm currently using it on a production site where the user has to be able to log in using their email OR their username. You can find it here:
Logging In With Email Addresses in Django
If the login name provided on the form is an email (contains the '#' symbol), it will attempt to authenticate with that, and will fall back on the username if it isn't an email. (Naturally, you just need to make sure your registration form captures an email for this work.)
Well, I haven't had to use emails as usernames in Django but I guess You could create a UserProfile model and aggregate fields to it, like another email field and make it unique. So you could do user.get_profile().email for your authentication.
I guess other way to go would be to inherit User and redefine the fields, but I think this still not recommended by Django developers.
Finally you could define your own custom User model and back on the django.contrib.auth.models.User for some logic.
Code to alter User table within Django:
from django.db import connection
cursor = connection.cursor()
cursor.execute("ALTER TABLE auth_user MODIFY COLUMN username varchar(75) NOT NULL")