I have made a custom comment app. The only difference is that it has a reCAPTCHA field in the comment form.
    class CustomCommentForm(CommentForm):
        recaptcha = ReCAPTCHAField()
I used this snippet http://djangosnippets.org/snippets/1653/ to integrate Django comments and reCAPTCHA.
I want authorized users to post comments without filling in the recaptcha field, and unauthorized users to have to fill it in. I thought about creating 2 different forms (one with recaptcha for anonymous users and the other without it for authorized). But how can I provide different forms when the Django documentation says that I have to override the get_form() method, and with that function I can return only one form? Or should I wrap the post_comment view of django-comments-framework?
Maybe this can help you, presumably you could move the logic for checking user into get_form.
http://djangosnippets.org/snippets/1662/
I am working on a simple site with a login functionality. To handle auth in the backend I am using the Djoser library. I have login functionality working. However, now I want to create a site on my frontend which has restricted access based on a user's roles.
What I want is that if a user is admin/staff then the frontend site has another page in the navbar. So my question is, how should I go about handling this? My first thought is that, when the user is logging in, then the token is sent to the frontend and stored, and then with the token I would also send the user's role and store this as well. However, I am not sure how to extend Djoser to do this.
Another option would be to simply say that after the user has logged in and received the token and stored it in the frontend, I would make a subsequent request to the backend to get that user's information including its role and store that as well. This of course takes 2 backend calls instead of one as in the first option.
To me it seems optimal to use the first option; however, I am not sure how to extend the Djoser login path to send both a token and the user's role.
Solved it myself, see my answer below to see how I did it.
However if anybody is familiar with a smarter way to achieve what I am trying to, then please post a comment!
Okay, I figured it out myself. Leaving this here if anybody needs it.
First I create a serializer file in my project directory (original app).
Then I took the TokenSerializer from Djoser and extended it to the following,
    from rest_framework import serializers
    from djoser.conf import settings

    class TokenSerializer(serializers.ModelSerializer):
        auth_token = serializers.CharField(source="key")
        is_staff = serializers.BooleanField(source="user.is_staff", read_only=True, default=False)

        class Meta:
            model = settings.TOKEN_MODEL
            fields = ("auth_token", "is_staff")
I did not realize that you can use the source keyword; with this I can access the user model attached to the token, and then retrieve the is_staff field.
This now makes it so that when a user requests a login at /auth/token/login/ with the login details, it responds with a token and whether or not the user has the is_staff field set.
How could I add a link to a page with SignIn via e-mail and then send a verification e-mail? I want to add a user to Wagtail, and create a group and a site with the name of the user. Why doesn't Wagtail have a module for that membership site?
I know this post is a bit old but it should be updated. Wagtail makes use of Django's built-in auth views.
Wagtail uses Django's standard django.contrib.auth.views.LoginView view here, and so the context variables available on the template are as detailed in Django's login view documentation.
http://docs.wagtail.io/en/v2.6.1/advanced_topics/privacy.html#setting-up-a-login-page
That said, it should be pretty straightforward. Set up auth as you normally would for a Django project, and make your own templates.
https://docs.djangoproject.com/en/2.2/topics/auth/default/#using-the-django-authentication-system
Using Django-registration is possible as explained here:
Django-registration setup without password
I'm using Django 1.9.7 and django-allauth to handle my user authentication.
I have a contact form that includes several fields (including the user's email address) which are saved as a model in the backend; from there I am using a ModelForm to display the fields. So far so good.
Now there should be a checkbox, which when checked should add two fields (password, password confirm) and instantly create an account with the email and password provided.
For this I would probably manually create a user object from the view that receives the contact information, but since it's security-relevant I'm wondering if there is an easy way to call an allauth method from Python that creates the user (or even provides the form).
How would I go about this?
Update: So I found the adapter has a method called save_user() which would populate the information and save the new user. I could then add the two password fields to the form and just pass the form in there.
My issue is that it would skip all the username and password cleaning, the email confirmation or the auto login after sign up.
You should be able to use the new_user() method in the default adapter. Refer here: https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/adapter.py
I am developing a web-site using Django/Python. I am quite new to this technology and I want to do the web-site the right way.
So here is my problem:
Imagine that there is a Product entity and a product view to display the Product info.
I use (product_view in my views.py).
There is also a Message entity, and the Product might have multiple of them.
In the Product view page (I use the "product_view" action in my views.py) I also query for the messages and display them.
Now, there should be a form to submit a new message (in the product view page).
Question #1: what action name should the form have (the Django way; I do understand I might assign whatever action I want)?
Option #1: it might be the same action "product_view". In the product_view logic I might check for the HTTP method (get or post) and handle the form submit or just the get request. But it feels a bit controversial for me to submit a message to the "product_view" action.
Option #2: create an action named "product_view_message_save". (I don't want to create just "message_save", because there might be multiple ways to submit a message.) So I handle the logic there and then I make a redirect to product_view. Now the fun part is: if the form is invalid, I try to put this form in the session, make the redirect to the "product_view", get the form there and display an error near the message field. However, the form in Django is not serializable. I can find a workaround, but it just doesn't feel right again.
What would you say?
Any help/advice would be highly appreciated!
Best Regards,
Maksim
You could use either option.
Option #1: In the post method (if using Class-based-views, otherwise check for "post" as the request type), just instantiate the form with MessageForm(request.POST), and then check the form's is_valid() method. If the form is valid, save the Message object and redirect back to the same view using HttpResponseRedirect within the if form.is_valid(): code block.
If you're checking for the related Messages objects in your template, the newly created message should be there.
Option #2: Very similar to Option #1, except if the form is not valid, re-render the same template that is used for the product_view with the non-valid form instance included in the template context.
I'm using Django's comment framework as a part of my project. With default settings, anonymous users can make comments at will.
I want to change this feature such that only authenticated users can post comments. Moreover, I want this authenticated user's name to show up next to the comment.
How do I go about doing so? I've read up on the documentation, and I understand the pre-defined comment model has a "user" field which is a ForeignKey to the User model / user who posted the comment (Link here). However, I don't understand how to assign request.user (i.e. the current authenticated user) to this user field that belongs to the instance of the comment.
In other words, how does Django process the form data on the front-end to the Comment model in the back-end, and how can I edit this process such as to assign request.user to the user field in the comment model.
Thanks for the help!
Start from the documentation
Basically you need to (at least):
enable django.contrib.auth in your settings.py
define a login view
use the @login_required decorator on the views you want to restrict
check if request.user.is_authenticated() in your form processing code.