How to authenticate user in Django Comment framework? - python

I'm using Django's comment framework as a part of my project. With default settings, anonymous users can make comments at will.
I want to change this feature such that only authenticated users can post comments. Moreover, I want this authenticated user's name to show up next to the comment.
How do I go about doing so? I've read up on the documentation, and I understand the pre-defined comment model has a "user" field which is a ForeignKey to the User model / user who posted the comment (Link here). However, I don't understand how to assign request.user (i.e. the current authenticated user) to this user field that belongs to the instance of the comment.
In other words, how does Django process the form data on the front-end to the Comment model in the back-end, and how can I edit this process so as to assign request.user to the user field in the comment model?
Thanks for the help!

Start from the documentation
Basically you need to (at least):
- enable django.contrib.auth in your settings.py
- define a login view
- use the @login_required decorator on the views you want to restrict
- check if request.user.is_authenticated() in your form processing code.

Related

Django Rest Framework/Djoser sending role information to frontend (Vue)

I am working on a simple site with a login functionality. To handle auth in the backend I am using the Djoser library. I have login functionality working. However, now I want to create a site on my frontend which has restricted access based on a user's roles.
What I want is that if a user is admin/staff then the frontend site has another page in the navbar. So my question is, how should I go about handling this? My first thought is that, when the user is logging in, then the token is sent to the frontend and stored, and then with the token I would also send the user's role and store this as well. However, I am not sure how to extend Djoser to do this.
Another option would be to simply say that after the user has logged in and received the token and stored it in the frontend, I would make a subsequent request to the backend to get that user's information including its role and store that as well. This of course takes 2 backend calls instead of one as in the first option.
To me it seems optimal to use the first option, however I am not sure how to extend the Djoser login path to send both a token and the user's role.
Solved it myself, see my answer below to see how I did it.
However if anybody is familiar with a smarter way to achieve what I am trying to, then please post a comment!
Okay, I figured it out myself. Leaving this here if anybody needs it.
First I create a serializer file in my project directory (original app).
Then I took the TokenSerializer from Djoser and extended it to the following,
from rest_framework import serializers
from djoser.conf import settings

class TokenSerializer(serializers.ModelSerializer):
    # Expose the token's "key" column under the name auth_token.
    auth_token = serializers.CharField(source="key")
    # Follow the token's user relation to read the is_staff flag (read-only).
    is_staff = serializers.BooleanField(source="user.is_staff", read_only=True, default=False)

    class Meta:
        model = settings.TOKEN_MODEL
        fields = ("auth_token", "is_staff")

I did not realize that you can use the source keyword; with this I can access the user model attached to the token, and then retrieve the is_staff field.
This now makes it so that when a user requests a login at /auth/token/login/ with the login details, it responds with a token and whether or not the user has the is_staff field set.

Connect logged user with model

I'm working on small project with Django framework. And as I can implement usage of authentication mechanism, that I can find a solution how to use information about logged user with model I define.
For example, I have a model that will store information about QSL cards, and I want to have an option so that, depending on which user is logged in, his/her QSL cards will be shown from the database.
I searched here and in docs.djangoproject.com but without success.
Thanks in advance for any tips or links.
If you try,
user = request.user
the variable user will hold the currently logged-in user object. You can use this user to filter model objects where user is a foreign key, e.g. posts = Post.objects.filter(user=request.user). If you want to get any specific user information, e.g. the username, you can try username = request.user.username

How to create "add to favorites" functional using Django Rest Framework

I just can’t find any information about the implementation of the system of adding to favorites for registered users.
The model has a Post model. It has a couple of fields of format String. The author field, which indicates which user made the POST request, etc.
But how to make it so that the user can add this Post to his “favorites”, so that later you can get a JSON response with all the posts that he added to himself. Well, respectively, so that you can remove from favorites.
Are there any ideas?
You can add a favorite_posts field (many-to-many) in your Author model.

Django Allauth include signup in different form

I'm using django 1.9.7 and django-allauth to handle my user authentication.
I have a contact form that includes several Fields (including the users email address) which are saved as a model in the backend, from there I am using a ModelForm to display the fields. So far so good.
Now there should be a checkbox, which when checked should add two fields (password, password confirm) and instantly create an account with the email and password provided.
For this I would probably manually create a user object from the view that receives the contact information, but since it's security relevant I'm wondering if there is an easy way to call an allauth method from Python that creates the user (or even provides the form).
How would I go about this?
Update: So I found the adapter has a method called save_user() which would populate the information and save the new user. I could then add the two password fields to the form and just pass the form in there.
My issue is that it would skip all the username and password cleaning, the email confirmation or the auto login after sign up.
You should be able to use the new_user() method in the default adapter. Refer here: https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/adapter.py

How to remove reCAPTCHA field for authorized users?

I have made a custom comment app. The only difference is that it has a reCAPTCHA field in the comment form.
class CustomCommentForm(CommentForm):
    # ReCAPTCHAField comes from the snippet linked below
    recaptcha = ReCAPTCHAField()
I used this snippet http://djangosnippets.org/snippets/1653/ for integrating Django comments and reCAPTCHA.
I want authorized users to post comments without filling in the recaptcha field, and unauthorized users to have to fill it in. I thought about creating 2 different forms (one with recaptcha for anonymous users and the other without it for authorized ones). But how can I provide different forms when the Django documentation says that I have to override the get_form() method, and with this function I can return only one form? Or should I wrap the post_comment view of django-comments-framework?
Maybe this can help you; presumably you could move the logic for checking the user into get_form.
http://djangosnippets.org/snippets/1662/
