Maybe I am not asking the right question in the search area, but I can't find an answer for this. I am pretty sure that many people have this use case, but as a beginner in Django + Python, I need to ask it.
I have user that fills up a form and the data is stored in the database. Basically this form asks for an access to a Database and after the form is submitted I want my program to send an email to the user's manager and to the DBA to APPROVE or DENY it. Very simple, right?
My idea is that in this e-mail I send two URL's, one for approving and one for denying the request. When the URL the is clicked I send a response to the server with an update in the manager_approval field.
Has anyone implemented this solution, or could point me to something that could help me?
I am doing everything using Django + Python.
Regards,
Marcos Freccia
Basically this technique used in email verification. This is where you should look into.
Let's say you have model, named request, which has field like username to identify the person who requested access, database name, well, everything. But it will also have two "password-like" fields which will be used to determine if request was declined or not.
class Request(models.Model):
user = models.ForeignKey ...
databasename =
date =
...
access_granted = models.BooleanField(default=False)
deny_token = models.CharField()
allow_token = models.CharField()
The point is to generate those tokens on saving request in the View:
if request.method == POST:
form = RequestForm(request.POST)
if form.is_valid():
data['user'] = form.cleaned_data['user'])
data['databasename'] = form.cleaned_data['databasename'])
...
data['access_token'] = GENERATE_USING_HASH_FUNCTION()
data['deny_token'] = GENERATE_USING_HASH_FUNCTION()
form.save(data)
Then you can use module EmailMultiAlternatives to send html email like so:
subject, from_email, to = 'Request', 'admin#example.com', form.cleaned_data['manager_email']
html_content = render_to_string(HTML_TEMPLATE, CONTEXT) # Just as any regular templates
text_content = strip_tags(html_content)
msg = EmailMultiAlternatives(subject, text_content, from_email, [to], reply_to=["admin#example.com"])
msg.attach_alternative(html_content, "text/html")
msg.send()
And inside that template you construct reverse url:
{% url 'app:grant_access' allow_token=token %} # "token" you get from context
{% url 'app:deny_access' deny_token=token %} # will become example.com/deny_access/7ea3c95, where 7ea3c95 is token
Then add lines to urls.py of your app like that:
url(r'^allow_access/(?P<allow_token>[0-9]+)$', CheckAcessView.as_view(), name="app:grant_access"),
url(r'^deny_access/(?P<deny_token>[0-9]+)$', CheckAcessView.as_view(), name="app:deny_access"),]
Then create CheckAcessView view. Where you access request stored in your database and check if, for example, parameter of url "allow_token" is equal stored allow_token. If so, change request status to allowed.
Related
I am trying to add messaging functionality to my web app made in Django.
So far, I have managed to successfully send and receive messages from user to user.
But, now I have been stuck at showing all the conversation lists to the inbox.html page of the logged user.
I have tried different approaches that I can think of but can not get the expected result.
models.py
class Messaging(models.Model):
sender = models.ForeignKey(User, on_delete=models.CASCADE, related_name='sender')
receiver = models.ForeignKey(User, on_delete=models.CASCADE, related_name='receiver')
message_text = models.TextField(max_length=360, verbose_name='Write Message')
message_date = models.DateTimeField(auto_now_add=True)
def __str__(self):
return f'{self.sender}\'s Message to {self.receiver}'
viwes.py
Function to send and receive messages from user to user
#login_required
def messageview(request, user_name):
sender_user = request.user
receiver_user = User.objects.get(username=user_name)
message_list = Messaging.objects.filter(sender=sender_user, receiver=receiver_user).order_by('message_date') | \
Messaging.objects.filter(receiver=sender_user, sender=receiver_user).order_by('message_date')
if request.method == 'POST':
msg_text = request.POST.get('msg_text')
messaging = Messaging()
messaging.sender = sender_user
messaging.receiver = receiver_user
messaging.message_text = msg_text
messaging.save()
return redirect(request.META['HTTP_REFERER'])
context = {
'sender_user': sender_user,
'receiver_user': receiver_user,
'message_list': message_list,
}
return render(request, 'message.html', context)
Now I want to create an inboxview in views.py that will render all the conversation of the logged user.
Suppose I have two users in the database A and B, they have exchange 4 messages between them. What I want is to show the conversation as a list, which is in this case only one. For example, the logged user is A, he exchanges messages with user B and C. The inbox will show two rows. When user A clicks on either of the rows, he will be taken to the details message page corresponding to the user. It is kinds of like WhatsApp or messenger. I hope I can explain.
Edited: Added example image for better understanding
I am able to do this:
I need help to do this:
Please guide me the way.
You could try something like this.
This view will query the Messaging model and get all entries where sender or receiver is the logged in user.
#login_required
def inbox(request, user):
# Get all the records where either sender OR receiver is the logged in user
messages = Messaging.objects.filter(sender=request.user) | Messaging.objects.filter(receiver=request.user)
context = {'messages': messages}
return render(request, 'inbox.html', context)
You can add any extra lines of code to the above code that suits your requirements.
inbox.html
{% for message in messages %}
# You can show your message details here
{% endfor %}
I build an API with django and I'm automating the welcome email at creation of one user with Sendinblue. I have no problem at this step. (so we are at the url /add_user/)
I have a second url to send a link (uid + token) to a user (thanks to his email). For that I use an external package : djoser. So I use the url of djoser /auth/users/reset_password/ and /auth/users/reset_password_confirm/
My dream would be to combine /reset_password/ and /add_user/ in the single url /add_user/
My problem is that the logic in /reset_password/ and /reset_password_confirm/ was written by djoser so I can't handle it. Or I don't know how !
Here is what I tried to override djoser views :
in urls.py:
path('custom_djoser/', ChangeCredentialsView.as_view(), name='customdjoser'),
in views.py:
class ChangeCredentialsView(UserViewSet):
def post(self, *args, **kwargs):
print("hello world")
return JsonResponse({"helloworld":"success"})
got the following error :
The actions argument must be provided when calling .as_view() on a
ViewSet. For example .as_view({'get': 'list'})
So I removed the .as_view() in urls.py and got this error :
Forbidden (CSRF token missing or incorrect.): /custom_djoser/
For me its incomprehensible because I don't use csrf token, but I tried with #csrf_exempt in a dispatch function inside my class. I tried to define class ChangeCredentialsView(UserViewSet, APIView): as my other class with authorization token. Nothing to do, everytime error with csrf token.
I may explore a really painful and stupid way to do what I want to do, please tell me if there is an easier way to do this !
#Scratch'N'Purr I answer to you here because of the lack of space in comments :
currently my add_user view looks like this (the most important part because its huge)
class AddUserView(generics.CreateAPIView, APIView):
def post(self, request):
newUser = User(
username = request.POST.get('username'),
password = request.POST.get('password'),
email = request.POST.get('email'),
image = request.FILES['image'],
full_name = request.POST.get('full_name'),
user_type = request.POST.get('usertype'),
contact_number = request.POST.get('phone')
)
newUser.save()
**** then lines of code to send email with Sendinblue ****
Usually I use request.data to get the request body but here there is a file so I had to use formdata.
and I have to confess I don't know a lot about serializers and don't use it
I'm managing to send emails to users that are present in my table and then showing success message on the same page. I'm successfully sending email to users(taking their id and then their email to send). While creating urls, I need to mention id as well which redirects me to another page. But what I want is to be redirected on the same page.
Here's the table which contains the users:
After clicking Send Mail, I'm taking the userid then email with this and then sendig mail.
Taking userid:
</button><span class="badge badge-success">Send Mail</span>
Here's my views.py code on this button:
def sendMails(request, id=None):
query_user = get_object_or_404(NewUser, id=id)
user_email = query_user.user
admin_email = request.user.email
result = send_emails(request, admin_email, user_email)
context = {
'code': result
}
return render(request,'requested_users.html', context)
And urls.py:
path('dashboard/requested_users/<id>', views.sendMails, name='sendMails'),
What I want to be on same page even after sending mail(such that the urls will be):
path('dashboard/requested_users/', views.sendMails, name='sendMails'),
But if I'm not providing the id in the urls, it's giving me the error:
Reverse for 'sendMails' with keyword arguments '{'id': 1}' not found.
I know I've asked a long question, but I'm really stuck into this.
Thank you in advance.
My scenario:
My app, handles signup at /profile/signup/ using SingupView(FormView).
class SignupView(FormView):
template_name = "profile/signup.html"
template_name_signup_confirmed = "profile/created.html"
template_name_inactive = "profile/inactive.html"
def form_valid(self, form):
# Create and save inactive user
self.created_user = self.create_user(form, commit=False)
self.created_user.is_active = False
self.created_user.save()
# Create and save user's profile
profile = self.create_profile(form)
# Send registration email
self.send_registration_email([self.created_user.email], registration_code=profile.registration_code)
# Response
return render_to_response(self.template_name_signup_confirmed, {'email': self.created_user.email})
def form_invalid(self, form):
if 'email' in form.errors and form.errors['email'].as_text() == \
'* An inactive user is registered with this email address.':
return render_to_response(self.template_name_inactive, {'email': form.data["email"]})
return render_to_response(self.template_name, self.get_context_data(form=form))
In SingupView().form_valid(form) the User and his Profile are created, user is signed up, but inactive.
After that, in my case there is not success url to redirect, but render a new page, at the same address (/profile/signup/) with a new html saying "An email was sent at youremail#email.com, check and activate".
The same case when an inactive, registered user, tries to signup again, he will get a new page, rendered at the same adress /profile/signup/ saying 'Your email youremail#email.com is already in our db but is not active.. .'
My questions:
Can anyone explains if this is a good way to go, or I need to redirect to new urls, controlled by a new views?
Is there any security risk by using render instead of redirect? Especially on user sign in/sign up?
What is the difference when using redirect or render a new template at the same address? What is the best practice in Django?
Is it ok, to display user's email, in the signup confirmation page and also in the alert page that says that user is registered but inactive in db?
The common pattern for this sort of behaviour is to use a redirect.
I would personally prefer that as it avoid the confuson of one view doing two things - one view displays and processes the form, the other displays a success message.
If the user manages to POST the form data a second time, what do you do?
https://en.wikipedia.org/wiki/Post/Redirect/Get
I am not aware of any greater security risk from using render rather than redirect (though someone with more expertise may know more than me about that).
Im trying to understand the django-registration app, and now Im able to send emails to users with activation key. What Im not able to figure out is how to send the activation key back to server when the user clicks a link in his/her email.
class AbstractEmailUser(AbstractBaseUser, PermissionsMixin):
.....
.....
def send_activation_email(self, email):
email = email
ctx_dict = { 'activation_key' : self.activation_key,
'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS,
}
subject = render_to_string('activation_email_subject.txt', ctx_dict)
subject = ''.join(subject.splitlines())
message = render_to_string('activation_email.txt', ctx_dict)
send_mail(subject, message, 'gccFishing.com', [email], fail_silently = False)
def activate(self, activation_key):
if SHA1_RE.search(activation_key):
try:
self.get(activation_key = activation_key)
except:
self.model.DoesNotExist
return False
if not self.activation_key_expired():
self.is_active = True
self.activation_key = self.model.ACTIVATED
self.save()
return self
return False
What code should go inside activation_email.txt for creating a link that calls the activate method with activation_key ?
Or is there a better way of doing it?
Any help will be awesome. Thanks
Try something like this in your email if you are using the sites django app:
http://{{ site.domain }}{% url registration_activate activation_key %}
Or else change site.domain with the DNS of your site. your
If I remember correct, django-registration already contains an example activation_email.txt in its templates, check it out.
Update
I don't think that you should put the activation login in your User class. You definitely cannot do {% url user.registration_activate activation_key %} since you must pass a View to the url template tag! You cannot create a link without a view function (or a CBV).
What you have to do is to create a view that searches the Profiles for the activation_key and activates it. Check the ActivationView method of django-registration / registration / backends / default / views.py.
If you want to implement custom logic to your app just sublclass ActivationView and use your class in the urls.py instead of the default (django-registration / registration / backends / default / urls.py):
url(r'^activate/(?P<activation_key>\w+)/$', ActivationView.as_view(), name='registration_activate'),