I guess I'll surrender and go with only the template authenticated check solution even if it still disturb me a little that the user can display the sign-up form in a page, then log in on another page and still be able to sign-up by sending the form. That's nice to know about the RequestContext ! Also I saw that the render shortcut was born with Django 1.3, that's really a cool addition.
Thanks again ;) Nolhian On Nov 24, 3:23 pm, Ivo Brodien <i...@brodien.de> wrote: > Hi! > > Ah, ok. Now it makes a more sense - index was indeed confusing. > > Well in your template I would just make the check and show the form or not. > > If your don’t show the form, the user cannot make a POST to the signup view > since he does not have a valid CSRF token. > > Anyway, if the user is logged in there should not be a Link to the signup > page and even if he enters the signup form url by hand, he will see no form. > > Ah, and don’t worry about the RequestContext. I don’t think that it causes > any important amount of overhead. The processing was done anyways before, so > its just a matter of making it available to the template or not. And you will > see, that you will use it often in your templates. > > Ivo > On Nov 24, 2011, at 14:25 , Nolhian wrote > > > > > > > > > Hello, > > > First of all thanks for your answer ! > > I think that the name I gave "index.html" is causing confusion. In > > fact that's the first view I created and so the only template I have > > at the moment and I awkwardly named it index.html, It should be named > > signup.html or something like that. I'm not looking to handle log in > > and logout here, just making sure that a logged user cannot sign-up > > again ( which would be a nonsense and in my opinion a flaw ),this is > > my signup form view which is located at /subscribe/. > > > Is it better with these explications or does the approach I'm taking > > still feel weird ? > > > Nolhian > > > On Nov 24, 1:37 pm, Ivo Brodien <i...@brodien.de> wrote: > >> DrBloodMoney is right, It is kind of odd how you are solving the problem > >> but it might me kind of right depending on what you are trying to do. > > >> Considering how most of the websites work you should do this. > > >> In all the templates include another template which does this: > > >> {% if not user.is_authenticated %} > >> LINK Login | Link Sign Up > >> {% else %} > >> Logged in as username | Link Logout > >> {% endif %} > > >> Logout, Login and Sign Up are handled by different urls/views and not the > >> index or any other view > > >> if you want to make a view available only to authenticated users, use the > >> @login_required decorator.[2] > > >> If you are using the provided django.auth system the views for login, > >> logout are already there. In the settings you can define some behavior. > > >> See the settings LOGIN_REDIRECT_URL, LOGIN_URL, LOGOUT_URL [1] > > >> [1]https://docs.djangoproject.com/en/1.3/ref/settings/#login-url > >> [2]https://docs.djangoproject.com/en/1.3/topics/auth/#the-login-required... > > >> On Nov 24, 2011, at 3:31 , Nolhian wrote: > > >>>> This seems all sorts of wrong to me. Why couldn't the user just log > >>>> out and then post? Seems like an odd workflow, but I don't know your > >>>> business-case here. > > >>> Yes the user can just log out and then post but since this is a sign- > >>> up form it would seem logical to not be able to sign-up if the user is > >>> logged in which means he already has an account. > > >>>> You could always control what is shown to the user in the template (to > >>>> limit their ability to use your form to post to the view) with > > >>>> {% if not user.is_authenticated %} > >>>> SHOW FORM > >>>> {% else %} > >>>> you're logged in so you can't post > >>>> {% endif %} > > >>> That's kind of what I'm doing but I still need to check somewhere in > >>> the view if the user is logged in. If I don't the user can open the > >>> sign-up form page, then open another page of the site and log in, then > >>> switch back to the sign-up form page, send the form ( which will be > >>> validated in the view since there's no checking if the user is > >>> authenticated or not there ) and successfully sign-up again WHILE > >>> being logged in. To be able to do that just seems wrong to me. > > >>> -- > >>> You received this message because you are subscribed to the Google Groups > >>> "Django users" group. > >>> To post to this group, send email to django-users@googlegroups.com. > >>> To unsubscribe from this group, send email to > >>> django-users+unsubscr...@googlegroups.com. > >>> For more options, visit this group > >>> athttp://groups.google.com/group/django-users?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Django users" group. > > To post to this group, send email to django-users@googlegroups.com. > > To unsubscribe from this group, send email to > > django-users+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/django-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.