I guess I'll surrender and go with only the template authenticated
check solution even if it still disturb me a little that the user can
display the sign-up form in a page, then log in on another page and
still be able to sign-up by sending the form.
That's nice to know about the RequestContext ! Also I saw that the
render shortcut was born with Django 1.3, that's really a cool
addition.
Thanks again ;)
Nolhian
On Nov 24, 3:23 pm, Ivo Brodien <i...@brodien.de> wrote:
> Hi!
>
> Ah, ok. Now it makes a more sense - index was indeed confusing.
>
> Well in your template I would just make the check and show the form or not.
>
> If your don’t show the form, the user cannot make a POST to the signup view
> since he does not have a valid CSRF token.
>
> Anyway, if the user is logged in there should not be a Link to the signup
> page and even if he enters the signup form url by hand, he will see no form.
>
> Ah, and don’t worry about the RequestContext. I don’t think that it causes
> any important amount of overhead. The processing was done anyways before, so
> its just a matter of making it available to the template or not. And you will
> see, that you will use it often in your templates.
>
> Ivo
> On Nov 24, 2011, at 14:25 , Nolhian wrote
>
>
>
>
>
>
>
> > Hello,
>
> > First of all thanks for your answer !
> > I think that the name I gave "index.html" is causing confusion. In
> > fact that's the first view I created and so the only template I have
> > at the moment and I awkwardly named it index.html, It should be named
> > signup.html or something like that. I'm not looking to handle log in
> > and logout here, just making sure that a logged user cannot sign-up
> > again ( which would be a nonsense and in my opinion a flaw ),this is
> > my signup form view which is located at /subscribe/.
>
> > Is it better with these explications or does the approach I'm taking
> > still feel weird ?
>
> > Nolhian
>
> > On Nov 24, 1:37 pm, Ivo Brodien <i...@brodien.de> wrote:
> >> DrBloodMoney is right, It is kind of odd how you are solving the problem
> >> but it might me kind of right depending on what you are trying to do.
>
> >> Considering how most of the websites work you should do this.
>
> >> In all the templates include another template which does this:
>
> >> {% if not user.is_authenticated %}
> >> LINK Login | Link Sign Up
> >> {% else %}
> >> Logged in as username | Link Logout
> >> {% endif %}
>
> >> Logout, Login and Sign Up are handled by different urls/views and not the
> >> index or any other view
>
> >> if you want to make a view available only to authenticated users, use the
> >> @login_required decorator.[2]
>
> >> If you are using the provided django.auth system the views for login,
> >> logout are already there. In the settings you can define some behavior.
>
> >> See the settings LOGIN_REDIRECT_URL, LOGIN_URL, LOGOUT_URL [1]
>
> >> [1]https://docs.djangoproject.com/en/1.3/ref/settings/#login-url
> >> [2]https://docs.djangoproject.com/en/1.3/topics/auth/#the-login-required...
>
> >> On Nov 24, 2011, at 3:31 , Nolhian wrote:
>
> >>>> This seems all sorts of wrong to me. Why couldn't the user just log
> >>>> out and then post? Seems like an odd workflow, but I don't know your
> >>>> business-case here.
>
> >>> Yes the user can just log out and then post but since this is a sign-
> >>> up form it would seem logical to not be able to sign-up if the user is
> >>> logged in which means he already has an account.
>
> >>>> You could always control what is shown to the user in the template (to
> >>>> limit their ability to use your form to post to the view) with
>
> >>>> {% if not user.is_authenticated %}
> >>>> SHOW FORM
> >>>> {% else %}
> >>>> you're logged in so you can't post
> >>>> {% endif %}
>
> >>> That's kind of what I'm doing but I still need to check somewhere in
> >>> the view if the user is logged in. If I don't the user can open the
> >>> sign-up form page, then open another page of the site and log in, then
> >>> switch back to the sign-up form page, send the form ( which will be
> >>> validated in the view since there's no checking if the user is
> >>> authenticated or not there ) and successfully sign-up again WHILE
> >>> being logged in. To be able to do that just seems wrong to me.
>
> >>> --
> >>> You received this message because you are subscribed to the Google Groups
> >>> "Django users" group.
> >>> To post to this group, send email to django-users@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> >>> django-users+unsubscr...@googlegroups.com.
> >>> For more options, visit this group
> >>> athttp://groups.google.com/group/django-users?hl=en.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to django-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscr...@googlegroups.com.
> > For more options, visit this group
> > athttp://groups.google.com/group/django-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
