I'm querying through some filters (django-filters) a list of Book objects, what I want to do is save my research (aka my url with the GET params), creating a Bookmark object for the user.
models.py
class Bookmark(models.Model):
user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
name = models.CharField(max_length=20)
url = models.URLField(max_length=200)
forms.py
class BookmarkForm(BootstrapForm, forms.ModelForm):
class Meta:
model = Bookmark
fields = ['nome', 'url']
widgets = {
'url': forms.HiddenInput()
}
To do so I'm extending a CreateView and trying to pass current url to the initial valued of bookmark.url.
class AddBookmarkView(PermissionRequiredMixin, LoginRequiredMixin, CreateView):
permission_required = 'core.add_bookmark'
template_name = 'core/bookmark_form.html'
model = Bookmark
form_class = BookmarkForm
def get_initial(self):
initial = super().get_initial()
initial['url'] = request.GET.urlencode()
return initial
def get_success_url(self):
return reverse('elenco_libri')
def form_valid(self, form):
bookmark = form.save()
bookmark.user = self.request.user
bookmark.save()
return HttpResponseRedirect(self.get_success_url())
This doesn't get anywhere because I don't have the GET request in get_initial() function. Where could I store the url? I thought about the get() function but I don't know how. Can anyone help? Thanks in advance.
This doesn't get anywhere because I don't have the GET request in get_initial() function.
Actually you have, the request object in a class-based view is an attribute: self.request.
So you can generate a URL with:
class AddBookmarkView(PermissionRequiredMixin, LoginRequiredMixin, CreateView):
permission_required = 'core.add_bookmark'
template_name = 'core/bookmark_form.html'
model = Bookmark
form_class = BookmarkForm
def get_initial(self):
initial = super().get_initial()
initial['url'] = self.request.GET.urlencode()
return initial
def form_valid(self, form):
bookmark = form.save(commit=False)
bookmark.user = self.request.user
bookmark.save()
return HttpResponseRedirect(self.get_success_url())
The above will however, only give you the querystring. If you are interested in the path as well, you might want to use request.get_full_path() [Django-doc].
You probably also do not want to save the object to the database in the form_valid function, so first obtain the bookmark, then set the user, and then save that object to the database.
Note that a HiddenInput() is rendered at the client side, and thus can be tampered with. Furthermore I'm not convinced that setting a bookmark through a form is per se necessary. You could construct a view that for example sets a bookmark with an AJAX call, and render a form with JavaScript to set the name and submit the bookmark.
Related
I implemented this functionality with using FBV, but when I'm trying to use CBV, Objects were created with empty user field.
views.py
class BlockCreate(CreateView):
model = TrainingBlock
template_name = 'training_room/create_block.html'
form_class = BlockForm
success_url = reverse_lazy('gym')
def set_user(self, form):
form.instance.user = self.request.user
return super(BlockCreate, self).set_user(form)
models.py
class TrainingBlock(models.Model):
user = models.ForeignKey(User, on_delete=models.CASCADE)
name = models.CharField(max_length=30)
duration = models.IntegerField(default=10)
if_ended = models.BooleanField(default=False)
def __str__(self):
return self.name
forms.py
class BlockForm(forms.ModelForm):
class Meta:
model = TrainingBlock
fields = '__all__'
exclude = ['user']
There is no .set_user method in a CreateView, hence the logic will never get invoked. You use .form_valid(…) [Django-doc] instead:
from django.contrib.auth.mixins import LoginRequiredMixin
class BlockCreate(LoginRequiredMixin, CreateView):
model = TrainingBlock
template_name = 'training_room/create_block.html'
form_class = BlockForm
success_url = reverse_lazy('gym')
def form_valid(self, form):
form.instance.user = self.request.user
return super().form_valid(form)
Note: You can limit views to a view to authenticated users with the
#login_required decorator [Django-doc].
Note: It is normally better to make use of the settings.AUTH_USER_MODEL [Django-doc] to refer to the user model, than to use the User model [Django-doc] directly. For more information you can see the referencing the User model section of the documentation.
Note: Since PEP-3135 [pep], you don't need to call super(…) with parameters if the first parameter is the class in which you define the method, and the second is the first parameter (usually self) of the function.
I've been trying to pass the values of a newly created object to the next CreateView so that a new child model can be created.
This is what happens:
User creates the Parent model through a CreateView
If the form is valid the success_url redirects to the CreateView of another Child model. The child model in order to be created, needs the id of the Parent Model (ForeignKey relationship).
Once the Child Model is created redirect to a completed page.
Below I have an example of my code.
class AddParentModelView(LoginRequiredMixin, CreateView):
model = ParentModel
template_name = "dashboard/add_parent_model.html"
form_class = ParentModelForm
success_url = '/REDIRECT_TO_CHILD_MODEL/'
def form_valid(self, form):
form.instance.owner = self.request.user
# I Also tried sessions:
# self.request.session['parent_id'] = form.instance.id
# But they return None:
# print(self.request.session["venue_id"])
return super().form_valid(form)
class AddChildModelView(LoginRequiredMixin, CreateView):
model = ChildModel
template_name = "dashboard/add_child_model.html"
form_class = ChildModelForm
success_url = '/thanks/'
What's the proper way to approach this? If possible, please explain your solutions.
Thanks in advance!
Define get_success_url() on AddParentModelView to return the child URL including the ID of the parent.
For example, if AddChildModelView has a URL like:
path('/<int:parent_id>/add_child', AddChildModelView.as_view(), name='add-child')
then define the method like:
def get_success_url(self):
return reverse('add-child', kwargs={'parent_id': self.object.id})
views.py
class EditPost(UserPassesTestMixin, LoginRequiredMixin, UpdateView):
model = Posts
form_class = PostForm
template_name="posts/add_post.html"
def test_func(self):
x = self.request.user.pk
print (x)
y = Posts.objects.get(user='user')
print (y)
if x == y:
return True
else:
if self.request.user.is_authenticated():
raise Http404("You are not allowed to edit this Post")
models.py
class Posts(models.Model):
user = models.ForeignKey(settings.AUTH_USER_MODEL, default=1)
post = models.CharField(max_length=1200, blank=False)
How do i match the loggedin user and the user object of the Post
i could not find any solution since i am using class based views.
try this:
add dispatch to EditPost class
def dispatch(self, request, *args, **kwargs):
obj = self.get_object()
if obj.user != self.request.user:
raise Http404("You are not allowed to edit this Post")
return super(EditPost, self).dispatch(request, *args, **kwargs)
Doing the check in test_func is tricky. You need to fetch the object once in test_func to check whether the user is allowed to use it, and then the object is fetched again by the same fiew.
An easier approach is to override the get_queryset method. If the user is not the author of the post, they will get a 404.
class EditPost(LoginRequiredMixin, UpdateView):
def get_queryset(self):
return super(EditPost, self).filter(user=self.request.user)
To add to the previous posts, try this:
Add to your class EditPost:
login_url = 'your url name or path to login page'
def test_func(self):
obj = self.get_object()
return obj.author == self.request.user
The test_func method is used by UserPassesTestMixin for this particular logic. To override it we set variable obj to the current object returned by the view using get.object().
After that, if the author on the current object (obj.author) matches the current user (self.request.user) we allow editing. If not (i.e. false) we throw an error.
login_url is from LoginRequiredMixin and the default location is /accounts/login. To override it, set your own path or name of the login template. This will take those people who are not logged in to the login page.
Hello Everybody excuse my english....
I am facing a problem with django.
I need to restrict object so only their owners can print it.
Model.py
class Post(models.Model):
title = models.CharField(max_length=50, blank=False)
prenom = models.CharField(max_length=255, blank=False)
user = models.ForeignKey(User, null=False)
View.py
class detailpost(DetailView):
model = Post
template_name = 'detail-post.html'
context_object_name = 'post'
url.py
url(r'detail-post/(?P<pk>[-\d]+)$', views.detailpost.as_view(), name='detailpost'),
This works properly but the problem is that every users can access to the post of another user (http://localhost:8000/detail-post/1). So my question is how can i do some stuff befor rendering the page and see if the post belongs to the current user if yes we print it else we redirect the user to another page.
You can use the LoginRequiredMixin (new in Django 1.9) to make sure that only logged in users can access the view.
Then override the get_queryset method, and filter the queryset so that it only includes posts by the logged-in user.
from django.contrib.auth.mixins import LoginRequiredMixin
class DetailPost(LoginRequiredMixin, DetailView):
model = Post
template_name = 'detail-post.html'
context_object_name = 'post'
def get_queryset(self):
queryset = super(DetailPost, self).get_queryset()
return queryset.filter(owner=self.request.user)
If the user views a post that does not belong to them, they will see a 404 page. If you must redirect the user instead of showing a 404, then you'll have to take a different approach.
Note that I have renamed your class DetailPost (CamelCase is recommended for classes in Django. You'll have to update your urls.py as well.
You can override get() or post() method in your view class.
from django.shortcuts import redirect
class detailpost(DetailView):
model = Post
template_name = 'detail-post.html'
context_object_name = 'post'
def get(self, request, *args, **kwargs):
self.post = Post.objects.get(pk=self.kwargs['pk'])
if self.post.user != request.user or not request.user.is_superuser:
return redirect('login')
else:
return super(detailpost, self).get(request, *args, **kwargs)
You should override 'get()' method in your 'detailpost' class, so that it would be something like below:
def get(self, request, *args, **kwargs):
queryset = self.model._default_manager.filter(user=request.user)
self.object = self.get_object(queryset)
context = self.get_context_data(object=self.object)
return self.render_to_response(context)
It seems like it is the only way to pass User from Request instance to filter queryset.
I did not find that DetailView uses self.request
I'm practicing django Class-Based-View with a basic blog application.
For some reason, however, the CreateView for my Post model is not saving the post inside the database.
models.py
class Post(models.Model):
user = models.ForeignKey(User)
post_title = models.CharField(max_length=200)
post_content = models.CharField(max_length=500)
post_date = models.DateTimeField('date posted')
forms.py
class PostForm(forms.ModelForm):
class Meta:
model = Post
exclude = ('user', 'post_date')
views.py
class PostCreate(CreateView):
template_name = 'app_blog/post_save_form.html'
model = Post
form_class = PostForm
def form_valid(self, form):
form.instance.user = self.request.user
form.instance.post_date = datetime.now()
return super(PostCreate, self).form_valid(form)
It displays content without generating any error, but when I check the admin page,
the post created by the CreateView is not saved in the database..
Any idea..??
Thanks
One tip: don't use exclude when defining forms, use fields, is more secure and the recommended way to do it.
The redirect is defined by get_success_url method. If you have in your model the method get_absolute_url CreateView will redirect to that URL, otherwise you can always override get_success_url in your view.
Using get_absolute_url:
class Post(models.Model):
user = models.ForeignKey(User)
post_title = models.CharField(max_length=200)
post_content = models.CharField(max_length=500)
post_date = models.DateTimeField('date posted')
#permalink
def get_absolute_url(self):
return ('myurlname', (), {'myparam': something_useful})
Using get_success_url:
class PostCreate(CreateView):
template_name = 'app_blog/post_save_form.html'
model = Post
form_class = PostForm
def form_valid(self, form):
form.instance.user = self.request.user
form.instance.post_date = datetime.now()
form.save()
return super(PostCreate, self).form_valid(form)
def get_success_url(self):
return reverse('myurlname', args=(somethinguseful,))
I think you will find this page very useful when working with CBVs:
http://ccbv.co.uk/projects/Django/1.5/django.views.generic.edit/CreateView/
the problem is that you are excluding fields that are mandatory, so it won't pass through your form validation.
You should pass this fields hidden with some default value, let the use fill them, set them to null=True or populate them before you access form_valid
I came across this question today after many years but those answer seems not correctly.
The main issue here is the form.instance is None for CreateView. So my approach is below as suggestion form django docs:
def form_valid(self, form):
instance = form.save(commit=False)
instance.user = self.request.user
instance.post_date = datetime.now()
instance.save()
return redirect(self.get_success_url())
I think this is a simple case of not calling form.save(). When the form is validated, all of the checks are done, but it doesn't actually save the object in the database. To do that, you explicitly need to tell it to, via the save() method.
So you want:
class PostCreate(CreateView):
template_name = 'app_blog/post_save_form.html'
model = Post
form_class = PostForm
def form_valid(self, form):
form.instance.user = self.request.user
form.instance.post_date = datetime.now()
form.save()
return super(PostCreate, self).form_valid(form)