Hi there,
I'm currently building a Django app that uses JavaScript and Ajax.
One of the things I am doing is within each view, as well as
outputting a variable as standard, I also JSON encode any objects on
the page and return them as well, so when the page loads, they are in
the DOM as values I can use to manipulate the page.
One of the issues I am having is with the code below for example:
def get_project_list(request):
member = Member.members.get(user__exact = request.user)
projects = [project for project in Project.projects.all() if
project.get_permissions(request.user).view_project]
if request.is_ajax():
template = 'project/project_list_ajax.html'
else:
template = 'project/project_list.html'
return render_to_response(template,
{
'view_title': "All Projects",
'projects': projects,
'json_output': json_encode({'projects' : projects, 'user'
: member}),
}, context_instance=RequestContext(request)
)
i then output it like this
<script>
var hgfront = {{json_output}}
</script>
When I go into the DOM tab in Firebug, I can see the variables in the
dom. All are attached to a hgfront object, so for example, a page
might look like this in the dom
+ hgfront
+ options
+ projects
+0
+_project_manager_cache
name
id
.....
As you can see, each object is converted into JSON, but the problem
comes when I get a project, as you can see it passes along the
_project_manager_cache - which is the user object. Now the problem I
am having is the users password, although hashed, is showing like so:
_project_manager_cache
Object username=tanep first_name=Tane last_name=Piper
date_joined
"2008-04-10 18:40:55"
email
"[EMAIL PROTECTED]"
first_name
"Tane"
id
2
is_active
true
is_staff
true
is_superuser
true
last_login
"2008-04-10 22:46:12"
last_name
"Piper"
password
"sha1$65c5c$ac5966b3082279392h737373144cf6db200c3"
username
"tanep"
The problem is that this isn't even being done with a select_related()
query, so the object is automatically being output. What I want to
know is there any way I could simplify the method and have it remove
the password field any time a user object is being selected as part of
a related query?? I'm sure there is a need for it when doing
authorisation, but once a session has been confirmed, is it needed
again?
--
Tane Piper
Blog - http://digitalspaghetti.me.uk
Skype: digitalspaghetti
This email is: [ ] blogable [ x ] ask first [ ] private
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
