We Keep Coding

How to set a permanent value to a Django Form Field

I am building blogsite where authenticated user can add post. The form has three fields including 'user' field (which shows all the user list with a drop down option). The problem is authenticated user can also see other user name.
I have tried two solution
Exclude this field when rendering in template or
whatever the username is chosen the post post will be saved by the name of authenticated user
but the solution I want
'user' field will only show the name of the authenticated user and that will be submitted with title and description
class BlogForm(forms.ModelForm):
class Meta:
model = Blog
fields = '__all__'
view function
if fm.is_valid():
us = fm.cleaned_data['user']
ti = fm.cleaned_data['title']
ds = fm.cleaned_data['desc']
post = Blog(user=us, title=ti, desc=ds)
messages.success(request, 'Blog Created')
post.save()
{% csrf_token %}
{{form.user.label}}{{form.user}}<br><br>
{{form.title.label}}{{form.title}}
{{form.desc.label}} {{form.desc}}

in model form only include "title" and "desc" field so template not render "user" field, we can set user in views.py via dynamically
class BlogForm(forms.ModelForm):
class Meta:
model = Blog
fields = ('title','desc',)
#views.py here we can set user via dynamically user=request.user
if fm.is_valid():
ti = fm.cleaned_data['title']
ds = fm.cleaned_data['desc']
post = Blog(user=request.user, title=ti, desc=ds)
messages.success(request, 'Blog Created')
post.save()

In your Form class
def __init__(self, *args, **kwargs):
super(YourForm, self).__init__(*args, **kwargs)
self.fields['user'].disabled = True
initialise your form:
data = {'user': request.user}
fm = YourForm(initial=data)
next:
if fm.is_valid():
us = fm.cleaned_data['user']
ti = fm.cleaned_data['title']
ds = fm.cleaned_data['desc']
post = Blog(user=us, title=ti, desc=ds)
messages.success(request, 'Blog Created')
post.save()
Your form will get the user from request, so you do not have any dependency for user from form.

'RegisterForm' object has no attribute 'is_valid'

This Is models.py
from django.db import models
class RegisterForm(models.Model):
fname = models.CharField(max_length=100)
lname = models.CharField(max_length=100)
pno = models.CharField(max_length=100)
email = models.EmailField(max_length=200)
pass1 = models.CharField(max_length=100)
pass2 = models.CharField(max_length=100)
This is my Views.py
from django.shortcuts import render
from .models import RegisterForm
# Create your views here.
def registerView(request):
if request.method=='POST':
fm = RegisterForm(request.POST)
if fm.is_valid():
fname = fm.cleaned_data['fname']
lname = fm.cleaned_data['lanme']
pno = fm.cleaned_data['pno']
email = fm.cleaned_data['email']
pass1 = fm.cleaned_data['pass1']
pass2 = fm.cleaned_data['pass2']
reg = RegisterForm.save(fname = fname,lname=lname,pno=pno,email=email,pass1=pass1,pass2=pass2)
reg.save()
fm = RegisterForm()
else:
fm = RegisterForm()
return render(request, 'register.html', {})
Request Method: POST
Request URL: http://127.0.0.1:8000/
Django Version: 3.2
Exception Type: AttributeError
Exception Value: 'RegisterForm' object has no attribute 'is_valid'
Exception Location: H:\Django\authetication\users\views.py, line 7, in registerView

You created a model, not a form.
Now you need to create forms.py in-app
from django import forms
from .models import Profile
class ProfileForm(forms.ModelForm):
class Meta:
model = Profile
fields = '__all__'
You can use all for all fields in the model but you can put only chosen fields in the form via tuple ('field_name', 'field_name')

Your RegisterForm is a model, not a model form, hence RegisterForm(request.POST) makes no sense, and your RegisterForm has no .is_valid(…) method. A model deals with storing data in the database, whereas a form will receive, validate and clean data.
It looks like you want to define a profile, so you can implement a Profile model:
# app_name/models.py
from django.db import models
class Profile(models.Model):
fname = models.CharField(max_length=100)
lname = models.CharField(max_length=100)
pno = models.CharField(max_length=100)
email = models.EmailField(max_length=200)
pass1 = models.CharField(max_length=100)
pass2 = models.CharField(max_length=100)
and then define a ModelForm based on that model:
# app_name/forms.py
from django import forms
class ProfileForm(forms.ModelForm):
class Meta:
model = Profile
fields = '__all__'
Then in the view you can work with:
from django.shortcuts import render
from .forms import ProfileForm
def registerView(request):
if request.method == 'POST':
form = ProfileForm(request.POST)
if form.is_valid():
form.save()
return redirect('name-of-some-view')
else:
form = ProfileForm()
return render(request, 'register.html', {'form': form})
You however should probably make modifications to your model: only use one field where you store the password, and likely the password should be hashed to prevent a data leak in case data of your database got stolen. Django already has a user model, and thre documentation has a section named Customizing authentication in Django. That can help you define a model for a user, and register that user.
Note: In case of a successful POST request, you should make a redirect
[Django-doc]
to implement the Post/Redirect/Get pattern [wiki].
This avoids that you make the same POST request when the user refreshes the
browser.

Django ModelForm does not save in database

I am trying to make a simple to-do list in Django that each user could have their own task list so when they logged in they add a task and its save for themselves and the list only display their own tasks, but when I try to add a task from the template's form it won't save but when I add task manually from admin panel it work.
my models.py
from django.db import models
from django.contrib.auth.models import User
class Tasks(models.Model):
user = models.ForeignKey(User, null=True,on_delete=models.CASCADE)
title = models.CharField(max_length=200)
check = models.BooleanField(default = False)
date = models.DateTimeField(auto_now_add=True)
def __str__(self):
return self.title
forms.py
from django import forms
from django.forms import ModelForm
from .models import *
class TaskForm(forms.ModelForm):
class Meta:
model = Tasks
fields = '__all__'
views.py:
from django.shortcuts import render, redirect
from django.contrib.auth.decorators import login_required
from .forms import *
from .models import Tasks
#login_required(login_url = 'login')
def tasks(request):
tasks = Tasks.objects.filter(user = request.user)
context = { 'tasks': tasks }
return render(request,'ToDo/list.html',context)
#login_required(login_url = 'login')
def add_task(request):
form = TaskForm()
if request.method == 'POST':
form = TaskForm(request.POST)
if form.is_valid():
form.save(commit=False)
form.user = request.user
form.save()
return redirect('/')
context = {'form' : form}
return render(request,'ToDo/add.html',context)
where is the problem?

You assign the user to the .user attribute of the form, not of the .instance wrapped in the form. You thus should alter the instance with:
#login_required(login_url = 'login')
def add_task(request):
if request.method == 'POST':
form = TaskForm(request.POST, request.FILES)
if form.is_valid():
form.instance.user = request.user
form.save()
return redirect('/')
else:
form = TaskForm()
return render(request, 'ToDo/add.html', {'form' : form})
You should furthermore only redirect in case of a successful POST request: in case the POST request is not successful, the form can render the error messages, and thus will inform the user what the problem is.
Furthermore you make the user field non-editable:
from django.conf import settings
class Tasks(models.Model):
user = models.ForeignKey(
settings.AUTH_USER_MODEL,
editable=False,
on_delete=models.CASCADE
)
title = models.CharField(max_length=200)
check = models.BooleanField(default = False)
date = models.DateTimeField(auto_now_add=True)
def __str__(self):
return self.title
Note: It is normally better to make use of the settings.AUTH_USER_MODEL [Django-doc] to refer to the user model, than to use the User model [Django-doc] directly. For more information you can see the referencing the User model section of the documentation.

How can I connect the user to a post he created in Django

I am starting with Django, and I have a question about the connection between a post and the user who created it. For now, I managed to create the link, however, whenever I create a new post, the user id is always the default one, thus one. I want to make it in a way that the user id is the id of the person creating the post, and for some reason, it never works. The other option I tried is to put "user" into the form but the problem is that then the user can choose which user he is, which is risky. So is there any way to make it automatic? That when the post is created, the right user id is directly connected to it? Thank you for any help!!
model.py
"""
class Post(models.Model):
user = models.ForeignKey(User,on_delete=models.CASCADE, default=1)
image = models.ImageField(default="man.jpg")
titre = models.CharField(max_length=50)
slug = models.SlugField(max_length=100)
date_publication = models.DateTimeField(auto_now_add=True)
"""
view.py
"""
#login_required
def post_create(request):
if request.method == "POST":
post_form = PostForm(request.POST)
if post_form.is_valid():
post_form.save()
messages.success(request, 'Your post was successfully created!')
return redirect('seed:view_seed')
else:
messages.error(request, 'Please correct the error below.')
else:
post_form = PostForm(request.POST)
return render(request, "post/create.html", context={"post_form": post_form})
"""
forms.py
"""
class PostForm(ModelForm):
class Meta:
model = Post
fields = ["user", "image", "titre", "slug"]
"""

You remove the user field from the fields in the form:
class PostForm(ModelForm):
class Meta:
model = Post
# no user ↓
fields = ['image', 'titre', 'slug']
and in the view you add the logged in user to the instance wrapped in the form:
#login_required
def post_create(request):
if request.method == 'POST':
post_form = PostForm(request.POST)
if post_form.is_valid():
# add user to the instance ↓
post_form.instance.user = request.user
post_form.save()
messages.success(request, 'Your post was successfully created!')
return redirect('seed:view_seed')
else:
messages.error(request, 'Please correct the error below.')
else:
post_form = PostForm()
return render(request, "post/create.html", context={"post_form": post_form})
Note: It is normally better to make use of the settings.AUTH_USER_MODEL [Django-doc] to refer to the user model, than to use the User model [Django-doc] directly. For more information you can see the referencing the User model section of the documentation.

Avoid access to other pages via URL, if not logged on (Django)

Team, I have used Django Authentication models which is validating the login to the my blog, but it still permits users to access other restricted pages through url, I need to avoid this, please help on that. Please add maximum details as you can, I am struggling a lot with that
Models:
from django.db import models
from django.db.models import permalink
from django.contrib.auth.models import User
class Post(models.Model):
title = models.CharField(max_length=100)
body = models.TextField()
datposted = models.DateTimeField('date posted')
category = models.ForeignKey('Category')
owner = models.ForeignKey('UserProfile')
def __str__(self):
return '%s' % self.title
class Category(models.Model):
title = models.CharField(max_length=100)
def __str__(self):
return self.title
class UserProfile(models.Model):
# This line is required. Links UserProfile to a User model instance.
user = models.OneToOneField(User)
# The additional attributes we wish to include.
website = models.URLField(blank=True)
picture = models.ImageField(upload_to='profile_images', null=True)
def __unicode__(self):
return self.user.username
class Logout(User):
force_logout_date = models.DateTimeField(null=True, blank=True)
Views:
def index(request):
template = "index.html"
return render(request,template)
def menu(request):
return render(request,"menu.html")
def view_posts(request):
return render_to_response('posts.html',{'posts':Post.objects.all()})
def view_post(request, post_id=1):
return render_to_response('view_post.html',{'post':Post.objects.get(id=post_id)})
def view_by_year(request):
cur_year=timezone.now().year
posts_cur_year = Post.objects.filter(datposted__year=cur_year)
return render_to_response('view_by_year.html',{'posts_cur_year':posts_cur_year})
def view_by_month(request):
cur_month=timezone.now().month
posts_cur_month = Post.objects.filter(datposted__month=cur_month)
return render_to_response('view_by_month.html',{'posts_cur_month':posts_cur_month, 'cur_month':cur_month})
def view_by_owner(request):
user = request.user
posts_owner = Post.objects.filter(owner__user=request.user)
return render_to_response('view_by_owner.html',{'view_owner':posts_owner})
def register(request):
# Like before, get the request's context.
context = RequestContext(request)
# A boolean value for telling the template whether the registration was successful.
# Set to False initially. Code changes value to True when registration succeeds.
registered = False
if request.method == 'POST':
# Attempt to grab information from the raw form information.
# Note that we make use of both UserForm and UserProfileForm.
user_form = UserForm(data=request.POST)
profile_form = UserProfileForm(data=request.POST)
# If the two forms are valid...
if user_form.is_valid() and profile_form.is_valid():
# Save the user's form data to the database.
user = user_form.save()
# Now we hash the password with the set_password method.
# Once hashed, we can update the user object.
user.set_password(user.password)
user.save()
# Now sort out the UserProfile instance.
# Since we need to set the user attribute ourselves, we set commit=False.
# This delays saving the model until we're ready to avoid integrity problems.
profile = profile_form.save(commit=False)
profile.user = user
profile.save()
registered = True
else:
print user_form.errors, profile_form.errors
# Not a HTTP POST, so we render our form using two ModelForm instances.
# These forms will be blank, ready for user input.
else:
user_form = UserForm()
profile_form = UserProfileForm()
# Render the template depending on the context.
return render_to_response(
'register.html',
{'user_form': user_form, 'profile_form': profile_form, 'registered': registered},
context)
def user_login(request):
# Like before, obtain the context for the user's request.
context = RequestContext(request)
# If the request is a HTTP POST, try to pull out the relevant information.
if request.method == 'POST':
# Gather the username and password provided by the user.
# This information is obtained from the login form.
username = request.POST['username']
password = request.POST['password']
# Use Django's machinery to attempt to see if the username/password
# combination is valid - a User object is returned if it is.
user = authenticate(username=username, password=password)
# If we have a User object, the details are correct.
# If None (Python's way of representing the absence of a value), no user
# with matching credentials was found.
if user:
# Is the account active? It could have been disabled.
if user.is_active:
# If the account is valid and active, we can log the user in.
# We'll send the user back to the homepage.
login(request, user)
return HttpResponseRedirect('/menu/')
else:
# An inactive account was used - no logging in!
return HttpResponse("Sua conta nao esta ativa.")
else:
# Bad login details were provided. So we can't log the user in.
print "Credenciais Incorretas: {0}, {1}".format(username, password)
return HttpResponse("Login invalido.")
# The request is not a HTTP POST, so display the login form.
# This scenario would most likely be a HTTP GET.
else:
# No context variables to pass to the template system, hence the
# blank dictionary object...
return render_to_response('login.html', {}, context)
def create_post(request):
if request.method == 'POST':
form = CreatePostForm(request.POST)
if form.is_valid():
post = form.save(commit=False)
post.datposted = datetime.datetime.now()
#post.owner = request.user()
post.save()
return HttpResponseRedirect('/posts/')
else:
return HttpResponse("Favor. Verifique os campos necessarios")
else:
form = CreatePostForm()
f = {'form' : form}
return render(request,'create_post.html',f)
def logout(request):
auth.logout(request)
return render_to_response('logout.html')

You can use the #login_required decorator above each view that you want to protect:
#login_required
def index(request):
template = "index.html"
return render(request,template)
This will ensure that the user has logged in before allowing them access to each view that utilizes this decorator.
See the Documentation for more information.