For a project I'm working on, we're still undecided whether the site will launch on an invite-only basis, or be open to the general public immediately. Notwithstanding the management of invites, how would one go about to render a public site invite-only in Django?
One way I can come up with is adding #login_required to all views, but that seems to be too labour intensive... In other words, is there a way to restrict the use of the site to those who have login credentials in one swoop?
Thanks in advance!
Have you looked at the privatebeta application (PyPI, GitHub)? It seems like that does what you are looking for. Otherwise you can at least have a look at their middleware component to base your code on.
Perhaps you could use signals to catch people that are not logged in:
http://docs.djangoproject.com/en/dev/ref/signals/#django.core.signals.request_started
Or you could fiddle with the urlpatterns somehow, so that the urlpatterns list only contains the required login stuff when you're not logged in. That would work, right?
Related
I have built my first Django App! It is built to help my business track inventory. As such, I would not like it to be publicly available.
Maybe someday I will set up multiple user accounts, etc, but for now I really just need a basic password gate to get it up and running.
Does anyone have any middleware that works for this? All the solutions that I am finding are pretty old and they do not seem to work with the latest version of Django.
If you just need a single username/password couple, handling it directly via HTTP authentication in your webserver configuration will be the easiest way to achieve this. The benefits of this approach are:
You can set it up in 5 minutes: example with nginx, example with apache
You don't have to write code you'll delete later
It will protect all your website, including static files, third-party apps, admin, etc.
I found an answer that worked for me posted here:
#login_required for multiple views
Make sure the LOGIN_REQUIRED_URLS_EXCEPTIONS path is correctly set to your login page.
I'm currently using out-of-the-box django.contrib.auth to handle authentication in my Django app. This means that the user starts at a log in page and is redirected to the app on successful login. I would like to make my app single-page, including this login process, where a redirect doesn't happen, but maybe a "hot" template switch-out or some fancy client-side div magic (that still remains secure). My Google searching turned up pretty short, the closest solution dealing with putting a log in form on every page.
Any direction or ideas here would be much appreciated. I would obviously prefer to work within the existing confines of django.contrib.auth if possible, but I'm open to all solutions.
I'm not sure I understand your question completely. I think you want to have a single page. If so, put logic in your template that checks to see if the user is authenticated. If not, display a login form that POSTS to the appropriate django.contrib.auth view. You can supply an argument to this view to have it redirect back to your page. When you come back, the user will be authenticated, so you won't display the login form.
Have a look at Django-Easy-Pjax https://pypi.python.org/pypi/django-easy-pjax - it works like a charm and is well documented. Everything you like is being made with AJAX requests: links, forms using GET and forms using POST.
Essentially you only need to add a data-pjax="#id_of_the_container_where_the_result_goes" attribute in your a and form tags.
And the great thing about it: It updates the title and location bar of your browser.
One caveat: If you want to upload files in some form, this is not supported by Easy-Pjax, so you might want to use some workaround jQuery library for that.
I've done research on Django Postman and it seems to be the most solid private user to user messaging platform out there. I've looked at the Django Postman documentation but it's very template orientated. For developers who use Django as a back end and only care about the views.py and urls.py, the documentation doesn't say much.
I did however find this: https://bitbucket.org/psam/django-postman/src/6ff9fdf9c33f7365a7235a789af2e47f47d9c4fa/postman/views.py?at=default
It seems pretty promising so I'm going to give it a try. My only issue is how can one set up the postman views in views.py and the urls in urls.py to create a messaging system similar to Facebook's?
(ie. A thread like messaging conversation system, a central inbox where all the messages come together from each user showing the last message from each user, messages in the inbox are sorted by conversation rather than the message, the time of the last message sent, allowing multiple recipients)
Below I've posted a picture of Facebook's messaging platform. This is what I am essentially trying to achieve with Django Postman.
Facebook Example http://screenshots.en.sftcdn.net/en/scrn/73000/73077/facebook-19-371x535.jpg
If you have any pointers, hints and ideas on how I can set up the views.py, I would greatly appreciate it! Thank You
I've run into this issue before.
You need to strictly override some of the views in there by clonning/forking the project and install it from your own location, because as you noted, postman is template-oriented because it's meant to only get the needed templates configured and a few settings. I mean, the backend is meant to work as is.
What you need to do is override stuff like:
Message model's recipient field to be a ManyToManyField
customize the views based on your needs and be careful with Message.replied_at
make sure you allow a user to reply to their own messages (by default, it was not allowed when I ran into this, not sure now)
Depending on your needs, maybe you'll want to override something else, but this is a good start. If you need it facebook-like, you'll need to use some push libraries as Pusher or Juggernaut, maybe you're interested in them also.
Good luck! :)
Is there a good way to have both the login and register forms for django-registration on one page? I've had trouble finding a way to do it now that the backend system is enforced. Is there a view that can be overwritten that would allow you to add both forms to it? Anyone done this before or can point to an article about this?
Edit: Just to clarify I have the whole django-registration and login system set up and working properly, I'd just like to get both forms on the same page. I do not have access to their views.
Just hard-code your login-form in the registration-html-template. It should work like a charm.
You can always override the default login and registration views/templates. You can take a look at this link and see if this was what you were thinking to do. Then, you can read the Django documentation for further information about making custom login and registration views and templates as well.
I've been working through an issue with my django project. The issue is I've got one project, which will retrieve data for users of different clients. I need to know 'from where' a viewer is coming from (request.path [my original solution]). I've been looking at a number of different options which sound close to what I want to do, but I'm not sure what the best option is, not having done this before.
My first option was to add a url in the urls.py with a 'tag' or 'keyword' then look for that tag/keyword in the request.path, which I'd add as a session key. Then go onto get the data.
Something else I started looking at was the sites framework. After reading through the documentation, I'm still confused how sites actually works, so I'm not sure if this is the right option.
Another solution talked about using middleware, this came up in connection with the research into using the sites framework.
And then yet another talked about doing this in apache.
Could some one help point me in the right direction?
Cheers,
T
If you need to know from which URL came your user to your currrent page you should check the REFERER http header, available in request.META.get('HTTP_REFERER').
See http://docs.djangoproject.com/en/1.2/ref/request-response/#ref-request-response for more informations.
Be careful though, the referer meta is not mandatory and could be missing due to private browsing or direct access to the page from the URL bar.
It's not completely clear from your question, but if you're asking for the URL that the user was on before coming to the current page, you probably want request.META['HTTP_REFERRER'].
Edit after comment
That would be a very bad idea. Global variables are not safe given that you potentially have multiple requests being processed at the same time. The referrer is already available from the request, which can be accessed in all views and templates, so I don't know what else a middleware would give you.