I want to set a test cookie in my CreateView and be able to get a test result in form_valid function (after sending a form).
Where should I put the code responsible for setting the cookie?
self.request.session.set_test_cookie()
I tried to override get_form_kwargs and put it there, but it didn't work.
My code:
class MyView(CreateView):
def form_valid(self, form):
if not self.request.session.test_cookie_worked():
pass
else:
pass
See the docs for test_cookie_worked:
https://docs.djangoproject.com/en/1.6/topics/http/sessions/#django.contrib.sessions.backends.base.SessionBase.test_cookie_worked
"Due to the way cookies work, you’ll have to call set_test_cookie() on a previous, separate page request."
Therefore I would suggest to set_test_cookie in the get method of the view:
class MyView(CreateView):
def get(self, request, *args, **kwargs):
self.request.session.set_test_cookie()
super(MyView, self).get(request, *args, **kwargs)
def form_valid(self, form):
if not self.request.session.test_cookie_worked():
pass
else:
pass
Related
class IndexTemplateView(TemplateView):
'''Index TemplateView.'''
template_name = 'frontend/index.html'
def post(self, request, *args, **kwargs):
'''Manages credentials received for methods calling authentication.'''
bitrix24_domain = request.GET.get('DOMAIN')
request.session['bitrix24_domain'] = bitrix24_domain
print(request.session['bitrix24_domain']) # String is stored and printed to the screen.
return redirect('index')
# Bitrix24 sends credentials via POST right after GET request.
# CSRF protection would cause error in this case.
#csrf_exempt
def dispatch(self, request, *args, **kwargs):
return super().dispatch(request, *args, **kwargs)
class LoginTemplateView(TemplateView):
'''Login TemplateView.'''
template_name = 'frontend/login.html'
def get(self, request, *args, **kwargs):
'''Renders the login page.'''
redirect_uri = get_google_redirect_uri()
print(request.session.items()) # Returns empty session. The string was never saved.
return redirect(redirect_uri)
I've tried setting request.session.modified = True but it didn't work either. I really don't know why I can't store a string in session. I've also tried to store in self.request within the POST request, but without success, tried to store it in the dispatch() function, in the setup() function. Tried almost everything and I can't store a single piece of information in my session. I'm also using Django Rest framework.
Can anyone help me on how to use sessions with generic views?
Problem solved, session does not work with tunneling service as Ngrok.
I'm creating a Django web application on which users can create an account for free. I have also set-up a demo user which is already configured and has data attached to its account. Purpose of this demo account is to give a new user a quick overview of what the application can do.
Now I would like to have this demo user access all my views but not save to the database when the user saves a form.
Off course there are multiple ways off doing this that I know off. But they all require me to edit multiple pages or views:
When saving a form check if it is the demo user, if yes: don't save
Remove the save button from my templates when the demo user is logged in
Is there a easier/cleaner solution to do this? How can I set-up my application in a way that a specific user can never save to the database?
The solution I used
marcusshep's idea provided a solution for me. I created the following Views for pages where the form should be loaded but not saved when hitting the save button. Until now I wasn't able to do that. At this moment the pages below will render a 303 immediately
class FormViewOPRadio(FormView):
def dispatch(self, request, *args, **kwargs):
# Return 403 for demo user
temp = 'temp'
if self.request.user.email == 'demo#opradio.nl':
raise PermissionDenied
else:
return super(FormViewOPRadio, self).dispatch(request, *args, **kwargs)
class UpdateViewOPRadio(UpdateView):
def dispatch(self, request, *args, **kwargs):
# Return 403 for demo user
temp = 'temp'
if self.request.user.email == 'demo#opradio.nl':
raise PermissionDenied
else:
return super(UpdateViewOPRadio, self).dispatch(request, *args, **kwargs)
class DeleteViewOPRadio(DeleteView):
def dispatch(self, request, *args, **kwargs):
# Return 403 for demo user
temp = 'temp'
if self.request.user.email == 'demo#opradio.nl':
raise PermissionDenied
else:
return super(DeleteViewOPRadio, self).dispatch(request, *args, **kwargs)
Furthermore there are also some pages which should be inaccessible for which I used
from braces.views import UserPassesTestMixin
class UserNotDemoUser(UserPassesTestMixin):
raise_exception = True
def test_func(self, user):
return user.email != 'demo#opradio.nl'
What I tried
I created the following Views for pages where the form should be loaded but not saved when hitting the save button
class FormViewOPRadio(FormView):
def form_valid(self, form):
# Return 403 for demo user
if self.request.user.email == 'demo#opradio.nl':
raise PermissionDenied
else:
return super(FormViewOPRadio, self).form_valid(form)
class AddStream(LoginRequiredMixin, UserPassesTestMixin, SuccessMessageMixin, FormViewOPRadio):
"""Is the page used to add a Stream"""
template_name = 'opradioapp/addoreditstream.html'
form_class = AddStreamForm
success_url = reverse_lazy('opradioapp_home')
success_message = "De stream is opgeslagen"
# Validate if the user is the maintainer of the station
def test_func(self):
user = self.request.user
mainuserstation = MainUserStation.objects.get(slugname=self.kwargs['mainuserstationslug'])
if mainuserstation.maintainer == user:
return True
else:
return False
def form_valid(self, form):
user = self.request.user
mainuserstation = MainUserStation.objects.get(slugname=self.kwargs['mainuserstationslug'])
userstream = UserStream()
userstream.mainuserstation = mainuserstation
userstream.name = form.cleaned_data['name']
userstream.slugname = 'temp'
userstream.description = form.cleaned_data['description']
userstream.save()
member = Member.objects.get(user=user, mainuserstation=mainuserstation)
member.streamavailable.add(userstream)
member.save()
return super(AddStream, self).form_valid(form)
When doing it this way
if self.request.user.email == 'demo#opradio.nl':
raise PermissionDenied
is called after the save() calls. How can I change this? I tried calling super earlier but than I ran into problems.
Off course there are multiple ways of doing this that I know of. But they all require me to edit multiple pages or views:
Well, you won't have to repeat the logic for every template or view if you utilize certain DRY features of Python and Django.
Class Based View Inheritance
class CheckForDemoUser(View):
def dispatch(self, request, *args, **kwargs):
# check for demo user
# handle which ever way you see fit.
super(CheckForDemoUser, self).dispatch(request, *a, **kw)
class ChildClass(CheckForDemoUser): # notice inheritance here
def get(request, *args, **kwargs):
# continue with normal request handling
# this view will always check for demo user
# without the need to repeat yourself.
Function Decorators
def check_for_demo_user(func):
def func_wrapper(request, *args, **kwargs):
# implement logic to determine what the view should
# do if the request.user is demo user.
return func_wrapper
#check_for_demo_user
def my_view(request, *args, **kwargs):
# automatic checking happening before view gets to this point.
With Inclusion Tags you can isolate the logic of hiding/showing form submit buttons in one place and refer to your custom tag in multiple pages that the demo user would be on.
These are just some of the ways you can implement this logic without having to repeat yourself over and over.
I believe this is a simple one, just can't spot the solution. I have a view that does a bit of work on the server then passes the user back to another view, typically the original calling view.
The way I'm rendering it now, the url isn't redirected, ie it's the url of the original receiving view. So in the case the user refreshes, they'll run that server code again.
class CountSomethingView(LoginRequiredMixin, View):
def get(self, request, *args, **kwargs):
# so some counting
view = MyDetailView.as_view()
return view(request, *args, **kwargs)
I strongly recommend not overriding get or post methods. Instead, override dispatch. So, to expand on Platinum Azure's answer:
class CountSomethingView(LoginRequiredMixin, RedirectView):
permanent = False
def get_redirect_url(self, **kwargs):
url = you_can_define_the_url_however_you_want(**kwargs)
return url
def dispatch(self, request, *args, **kwargs):
# do something
return super(CountSomethingView, self).dispatch(request, *args, **kwargs)
when a user does an action and I need to redirect him to the same page, first of all I use a templateView to display a simple "thanks" (for example) then provide a link to go back to the previous page with a simple {% url %}
for example :
from django.views.generic import CreateView, TemplateView
from django.http import HttpResponseRedirect
class UserServiceCreateView(CreateView):
form_class = UserServiceForm
template_name = "services/add_service.html"
def form_valid(self, form):
[...]
return HttpResponseRedirect('/service/add/thanks/')
class UserServiceAddedTemplateView(TemplateView):
template_name = "services/thanks_service.html"
def get_context_data(self, **kw):
context = super(UserServiceAddedTemplateView, self).\
get_context_data(**kw)
context['sentance'] = 'Your service has been successfully created'
return context
in the template thanks_service.html i use {% url %} to go back to the expected page
Hope this can help
Performing a redirect in a Django Class Based View is easy.
Simply do a return redirect('your url goes here').
However, I believe this isn't what you want to do.
I see you're using get().
Normally, when speaking about HTTP, a GET request is seldom followed by a redirect.
A POST request is usually followed by a redirect because when the user goes backwards you wouldn't want to submit the same data again.
So what do you want to do?
What I think you want to do is this:
def get(self, request, *args, **kwargs):
return render_to_response('your template', data)
or even better
def get(self, request, *args, **kwargs):
return render(request, self.template_name, data)
If you're creating or updating a model, consider inheriting from CreateView or UpdateView and specifying a success_url.
If you're really doing a redirect off of an HTTP GET action, you can inherit from RedirectView and override the get method (optionally also specifying permanent = False):
class CountSomethingView(LoginRequiredMixin, RedirectView):
permanent = False
def get(self, request, *args, **kwargs):
# do something
return super(CountSomethingView, self).get(self, request, *args, **kwargs)
Note that it's really bad practice to have a get action with side-effects (unless it's just populating a cache or modifying non-essential data). In most cases, you should consider using a form-based or model-form-based view, such as CreateView or UpdateView as suggested above.
I am using Django DeleteView in a template and I've created a url & view.
Is it possible to skip the process of loading the _confirm_delete template and just post the delete immediately.
DeleteView responds to POST and GET requests, GET request display confirmation template, while POST deletes instance.
You can send POST request, without confirmation with form like this:
<form method="POST" action="{% url "your_delete_url_name" %}">
{% csrf_token %}<input type="submit" value="DELETE">
</form>
If you do not want to have a link instead form button, use some javascript to make invisible form, that will be submitted on link click.
It is not good practice to use GET request for updating or deleting, but if you really insist you can shortcut get method in your class view to post, ie:
def get(self, *args, **kwargs):
return self.post(*args, **kwargs)
Or you can redefine get() method in your DeleteView:
class YourDeleteView(DeleteView):
model = YourModel
success_url = '<success_url>'
def get(self, request, *args, **kwargs):
return self.post(request, *args, **kwargs)
But be careful with that, ensure that this doesn't affect other functionality.
Yes, just change the next parameter. In your return response, make sure that the dictionary that you pass in is has something like this : { 'next': '/<your_path_here>}/' }, make sure you commit the changes before adding the next parameter. You might want to change your view's get and post functions.
Or you could only allow HTTP request method delete by routing the request directly to the delete method of your class.
from django.views.generic import DeleteView
from django.http import HttpResponseForbidden
class PostDeleteView(DeleteView):
model = Post
http_method_names = ['delete']
def dispatch(self, request, *args, **kwargs):
# safety checks go here ex: is user allowed to delete?
if request.user.username != kwargs['username']:
return HttpResponseForbidden()
else:
handler = getattr(self, 'delete')
return handler(request, *args, **kwargs)
def get_success_url(self):
username = self.kwargs.get('username')
success_url = str(reverse_lazy('post:user_home', kwargs={'username': username}))
return success_url
Let's say your URL looks like this:
path('posts/delete/<int:pk>/', PostDeleteView.as_view(), name='post_delete'),
For clarity why this works, you have to analyze the post and delete methods.
def post(self, request, *args, **kwargs):
return self.delete(request, *args, **kwargs)
def delete(self, request, *args, **kwargs):
"""
Call the delete() method on the fetched object and then redirect to the
success URL.
"""
self.object = self.get_object()
success_url = self.get_success_url()
self.object.delete()
return HttpResponseRedirect(success_url)
post just calls delete and delete gets the object and success URL, deletes the object, then redirects to the success URL you provided. pk_url_kwarg = 'pk' is why I showed the <int:pk> part in the URL.
You can override the get() method to behave exactly like the delete() method:
def get(self, request, *args, **kwargs):
return self.delete(request, *args, **kwargs)
See CCBV here: https://ccbv.co.uk/projects/Django/4.1/django.views.generic.edit/DeleteView/
All you have to do is override the get_success_url method of your delete view. Then it will directly delete the object from the DB. Eg:
class YourView(DeleteView):
model = YourModel
def get_success_url(self):
return reverse('your_redirect_view')
in my way of perfectionism, I'm here to ask more questions about the not-so-well-documented class-based views.
I spend like 5 hours learning about class-based views, lurking into the code and I got a question.
Maybe what I'm trying to do is stupid, and if so, just say that.
I will put a simple example:
class SearchFormView(FormView):
template_name = 'search/search.html'
form_class = SearchForm
def get(self, request, *args, **kwargs):
form = SearchForm(self.request.GET or None)
if form.is_valid():
self.mystuff = Stuff.objects.filter(title__icontains=form.cleaned_data['query'])[:10]
return super(SearchFormView, self).get(request, *args, **kwargs)
This is a perfect valid class (it is, right?).
You have a form, and you make a GET request with a query parameter.
Works like a charm.
But lets imagine... I validate the query input to prevent some type of attack and I see that the query is malicious so I put a validation error.
With the old functions, I have a form instance (empty) and I put data in it and validation errors if needed. I always return that instance, if empty (first request) or if it filled with errors (the case of the malicious query).
The problem is with class-based views. In my get method I work with an extra instance of SearchForm so if I put validation stuff would be there and if I call get on the father it will use the instance on "form_class" that would be empty.
So, I think that there should be a way where I use the same form always, I mean: I call the request method, I pick the form_class (not create a new form), pass the data, validate and the father will return that form with the validation stuff.
Im not sure if I explained this correctly. So in short, Im creating a copy of the form in the get but I return the father get who have another copy that will be empty, so my when I display the template, there will be no errors because the form sended is empty.
Any ideas? Thanks.
Your problem is that super(SearchFormView, self).get(request, *args, **kwargs) renders its own form and own context. It's only a 3 line view function, so you should really be overriding what you need to change its behavior.
def get(self, request, *args, **kwargs):
form = SearchForm(self.request.GET or None)
if form.is_valid():
self.mystuff = Stuff.objects.filter(title__icontains=form.cleaned_data['query'])[:10]
return self.render_to_response(self.get_context_data(form=form))
Update: alternate idea if you'd like to continue using the super call
def get(self, request, *args, **kwargs):
self.form = SearchForm(self.request.GET or None)
if self.form.is_valid():
self.mystuff = Stuff.objects.filter(title__icontains=form.cleaned_data['query'])[:10]
return super(SearchFormView, self).get(request, *args, **kwargs)
def get_form(self, form_class):
"""
Returns an instance of the form to be used in this view.
"""
return getattr(self, 'form', None) or form_class(**self.get_form_kwargs())
The problem appears to be the fact that Django class based views only populate the form kwargs if the HTTP method is POST or PUT:
class FormMixin(object):
def get_form_kwargs(self):
"""
Returns the keyword arguments for instanciating the form.
"""
kwargs = {'initial': self.get_initial()}
if self.request.method in ('POST', 'PUT'):
kwargs.update({
'data': self.request.POST,
'files': self.request.FILES,
})
return kwargs
I found this a bit peculiar also, since I have on occasion used a form in a GET request (eg. a "search" form), which needed to perform some basic validation. I just override the get_form_kwargs() method on such views, to also populate the kwargs['data'] item, even when the HTTP method is GET.