Re: GSoC Proposal: Add Cross-DB JSONField, ArrayField, and HStoreField

[Sage M.A.]

Hi, Carlton.

Thanks a lot for the feedback!
Ah, yes, looks like I missed that Oracle implementation. I've updated my 
proposal accordingly.
To summarize:

   - Added info about Oracle implementation (see 1.1)
   - Replaced 1 week of research with 1 week of writing tests and docs for 
   POC SQLite JSONField (see 3.1.1 and 3.1.2)
   - Replaced the idea of implementing HStoreField with writing 
   documentation for ArrayField, migration path, and SQLite+JSON1 (see 3.3.2)
   - Took half a week from the merging process into writing the 
   aforementioned docs.
   - Wrote about the possibility of merging the first and second milestones 
   so the final milestone would not be so big to merge. (see 3.1.2 and 3.2.2)
   - Wrote about the possibility of finishing the project early (see 3.4)

About #29548 , it seems 
interesting to me but I'm not quite sure what's left to be done.

Regards,
Sage

On Wednesday, 3 April 2019 21:40:09 UTC+7, Carlton Gibson wrote:
>
> Hi Sage. 
>
> Thanks for the proposal. It's looking OK. Couple of points: 
>
>
>- There IS an Oracle implementation. See the ticket here: 
>https://code.djangoproject.com/ticket/29821
>- Something that looks like an ArrayField, yes. HStore... not so sure 
>it's worth mimicking. 
>- On the timeline: I think you've spread the coding bit too thin and 
>not allocated enough for Documenting.
>   - I think you if you want full-guns at the SQLite PoC in week 1 and 
>   2 you'd have something in place quite quickly. 
>  - The base field should be simple enough™
>  - The SQLite only lookups shouldn't be too complicated. 
>   - As I commented on the other thread on this topic, we'll need to 
>   advise on getting people set up with SQLite with the JSON extension. 
>   - There's more in this that you think I'd guess. No harm in putting 
>  time in the schedule for it. 
>   - Allow for the possibility you complete early and have time to 
>   work on other things...
>   - This stuff is difficult to get right. It's more balance that 
>   exact times: 
>  - The actual timeline won't match the plan ever. 
>  - you don't need to worry about two days off for holiday 
>   
> Your contributions so far have been super. Thank you. 
>
> Kind Regards,
>
> Carlton
>
>
> On Tuesday, 2 April 2019 13:41:37 UTC+2, Sage M.A. wrote:
>>
>> Hello, everyone! My name is Sage. I'm a 19-year-old computer science 
>> student from Indonesia. I'm planning to join the Google Summer of Code 
>> (GSoC) this year, and I want to contribute to Django. I have written a 
>> draft for my proposal in this gist 
>> . I 
>> have submitted two small patches for Django, and I hope to contribute more 
>> in the future. Feedbacks are much appreciated, thanks!
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/f4565ae9-8dc7-4e2d-a0ac-8ea6ce5d0d76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: GSoC Proposal (FormSet Improvement)

[Asif Saif Uddin]

I checked your contribution Parth, really good one! once you improve 
your proposal, try to focus more on form/formfield/formset/widget/admin/ 
related issues so that you have a better insight into what your proposal 
going to improve in those areas. And popular and useful extensions could be 
benefited from x features to be implemented in that way etc. triaging the 
related area based tickets and fixing some more related issues not only 
improve your chance to get selected but help you understand the related 
areas much better. good luck for GSoC this year.

On Wednesday, April 3, 2019 at 10:06:26 PM UTC+6, PARTH PATIL wrote:
>
> Yes sure I will try to update my proposal by tomorrow (4th April) night 
> (IST +5:30), So  please have a look at it once again, and suggest changes.
>
>
> Best Regards,
> PARTH PATIL
>
> On Wed, 3 Apr 2019, 9:23 pm Carlton Gibson,  > wrote:
>
>> Yes, just pseudo code — so when reviewing your proposal next week it's 
>> easy to see that it'll be the right approach. 
>>
>> On Wednesday, 3 April 2019 17:51:18 UTC+2, PARTH PATIL wrote:
>>>
>>>
>>>
>>> On Wednesday, April 3, 2019 at 8:58:26 PM UTC+5:30, Carlton Gibson wrote:

 Hey Parth. 

 Right. So, thanks for making the effort so far. Good. 

 Can you add more detail about yourself. You've not contributed to 
 Django right? So the concern at this point would be whether you're able to 
 fulfil the project. 

>>>
>>> I have contributed to Django (see #30189 
>>> ), I have mentioned it at 
>>> the end of my proposal, I would try to highlight that. 
>>>
>>>  
>>>
 What's your experience with Django? (and if you want to implement a 
 declarative formset syntax, Python more generally?)
 (Perhaps you said this, but it needs to be in the proposal.) 

>>>
>>> Sure I will add some of my projects in the proposal. 
>>>

 You don't necessarily need to have ideas for the final code, but what 
 does e.g. the usage look like with your idea (i.e. adding the request 
 parameter)? 
 (So the formset gets the request and this is available where...? and so 
 on: can you SHOW in your proposal that this WILL address the issues?)

>>>
>>> I'm a little bit confused here, What you mean by "SHOW that this works"? 
>>>
>>>- Do you just write some pseudo code, and say this will work?
>>>- Or I have to prove in some way that this will work??
>>>
>>>
 HTH.

 Kind Regards,

 Carlton


 On Monday, 1 April 2019 21:29:33 UTC+2, PARTH PATIL wrote:
>
> Here is a link to my GSoC proposal
> Its a first draft so you are open to comment and suggest changes
>
>
> https://docs.google.com/document/d/1JuoVOU5xMwXY7JrHJshezIyuIpFfoEM49rO3e0rfNhE/edit?usp=sharing
>
>
> Best Regards,
>
> PARTH PATIL
>
> SOFTWARE DEVELOPER, AUV-IITB
>
> CONVENOR, ELECTRONICS & ROBOTICS CLUB IIT BOMBAY.
>
> [image: Image result for FACEBOOK ROUND ICON] 
>  [image: Image result for 
> instagram ROUND ICON]  [image: 
> Image result for linkedin ROUND ICON] 
> 
>
> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-d...@googlegroups.com .
>> To post to this group, send email to django-d...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-developers.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/deae8484-5a5c-4158-b5ef-f262f30eb6eb%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/f1623bf9-a6e1-435b-9a10-8cb998ba0009%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Feature request (API): Add QuerySet of viewable pages or page_ids

[Peter Farrell]

Hi, I think this is a grand idea.

On Tuesday, March 26, 2019 at 10:08:27 AM UTC-5, air-hand wrote:
>
> Hi everyone.
>
> I'm working with django cms, and needed permissions.
>
> CMS_PERMISSION is worked nice, but there is no method of "get viewable 
> pages".
>
> I need viewable pages for listing up pages (searched results, recent 
> updated etc.)
>
> I found cms.utils.get_view_id_list, but this is return view restricted 
> pages only.
>
> User can view not restricted pages, or if included in get_view_id_list. 
> (this is not be perfect, roughly speaking)
>
> If interested, please let me now.
>
> Thanks.
>
>

-- 
Message URL: 
https://groups.google.com/d/msg/django-cms-developers/topic-id/message-id
Unsubscribe: send a message to 
django-cms-developers+unsubscr...@googlegroups.com
--- 
You received this message because you are subscribed to the Google Groups 
"django CMS developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-cms-developers+unsubscr...@googlegroups.com.
To view this discussion on the web, visit 
https://groups.google.com/d/msgid/django-cms-developers/e890c840-d368-4420-8153-d219e53cc120%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: GSoC Proposal (FormSet Improvement)

[PARTH PATIL]

Yes sure I will try to update my proposal by tomorrow (4th April) night
(IST +5:30), So  please have a look at it once again, and suggest changes.


Best Regards,
PARTH PATIL

On Wed, 3 Apr 2019, 9:23 pm Carlton Gibson, 
wrote:

> Yes, just pseudo code — so when reviewing your proposal next week it's
> easy to see that it'll be the right approach. 
>
> On Wednesday, 3 April 2019 17:51:18 UTC+2, PARTH PATIL wrote:
>>
>>
>>
>> On Wednesday, April 3, 2019 at 8:58:26 PM UTC+5:30, Carlton Gibson wrote:
>>>
>>> Hey Parth.
>>>
>>> Right. So, thanks for making the effort so far. Good.
>>>
>>> Can you add more detail about yourself. You've not contributed to Django
>>> right? So the concern at this point would be whether you're able to fulfil
>>> the project.
>>>
>>
>> I have contributed to Django (see #30189
>> ), I have mentioned it at
>> the end of my proposal, I would try to highlight that.
>>
>>
>>
>>> What's your experience with Django? (and if you want to implement a
>>> declarative formset syntax, Python more generally?)
>>> (Perhaps you said this, but it needs to be in the proposal.)
>>>
>>
>> Sure I will add some of my projects in the proposal.
>>
>>>
>>> You don't necessarily need to have ideas for the final code, but what
>>> does e.g. the usage look like with your idea (i.e. adding the request
>>> parameter)?
>>> (So the formset gets the request and this is available where...? and so
>>> on: can you SHOW in your proposal that this WILL address the issues?)
>>>
>>
>> I'm a little bit confused here, What you mean by "SHOW that this works"?
>>
>>- Do you just write some pseudo code, and say this will work?
>>- Or I have to prove in some way that this will work??
>>
>>
>>> HTH.
>>>
>>> Kind Regards,
>>>
>>> Carlton
>>>
>>>
>>> On Monday, 1 April 2019 21:29:33 UTC+2, PARTH PATIL wrote:

 Here is a link to my GSoC proposal
 Its a first draft so you are open to comment and suggest changes


 https://docs.google.com/document/d/1JuoVOU5xMwXY7JrHJshezIyuIpFfoEM49rO3e0rfNhE/edit?usp=sharing


 Best Regards,

 PARTH PATIL

 SOFTWARE DEVELOPER, AUV-IITB

 CONVENOR, ELECTRONICS & ROBOTICS CLUB IIT BOMBAY.

 [image: Image result for FACEBOOK ROUND ICON]
  [image: Image result for
 instagram ROUND ICON]  [image:
 Image result for linkedin ROUND ICON]
 

 --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/deae8484-5a5c-4158-b5ef-f262f30eb6eb%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAJSC-if9H2qtU3cMx0puRbJFRuH0O7Jq3VomXH3sPaMRbtBB2w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: GSoC Proposal (FormSet Improvement)

[Carlton Gibson]

Yes, just pseudo code — so when reviewing your proposal next week it's easy 
to see that it'll be the right approach. 

On Wednesday, 3 April 2019 17:51:18 UTC+2, PARTH PATIL wrote:
>
>
>
> On Wednesday, April 3, 2019 at 8:58:26 PM UTC+5:30, Carlton Gibson wrote:
>>
>> Hey Parth. 
>>
>> Right. So, thanks for making the effort so far. Good. 
>>
>> Can you add more detail about yourself. You've not contributed to Django 
>> right? So the concern at this point would be whether you're able to fulfil 
>> the project. 
>>
>
> I have contributed to Django (see #30189 
> ), I have mentioned it at 
> the end of my proposal, I would try to highlight that. 
>
>  
>
>> What's your experience with Django? (and if you want to implement a 
>> declarative formset syntax, Python more generally?)
>> (Perhaps you said this, but it needs to be in the proposal.) 
>>
>
> Sure I will add some of my projects in the proposal. 
>
>>
>> You don't necessarily need to have ideas for the final code, but what 
>> does e.g. the usage look like with your idea (i.e. adding the request 
>> parameter)? 
>> (So the formset gets the request and this is available where...? and so 
>> on: can you SHOW in your proposal that this WILL address the issues?)
>>
>
> I'm a little bit confused here, What you mean by "SHOW that this works"? 
>
>- Do you just write some pseudo code, and say this will work?
>- Or I have to prove in some way that this will work??
>
>
>> HTH.
>>
>> Kind Regards,
>>
>> Carlton
>>
>>
>> On Monday, 1 April 2019 21:29:33 UTC+2, PARTH PATIL wrote:
>>>
>>> Here is a link to my GSoC proposal
>>> Its a first draft so you are open to comment and suggest changes
>>>
>>>
>>> https://docs.google.com/document/d/1JuoVOU5xMwXY7JrHJshezIyuIpFfoEM49rO3e0rfNhE/edit?usp=sharing
>>>
>>>
>>> Best Regards,
>>>
>>> PARTH PATIL
>>>
>>> SOFTWARE DEVELOPER, AUV-IITB
>>>
>>> CONVENOR, ELECTRONICS & ROBOTICS CLUB IIT BOMBAY.
>>>
>>> [image: Image result for FACEBOOK ROUND ICON] 
>>>  [image: Image result for 
>>> instagram ROUND ICON]  [image: 
>>> Image result for linkedin ROUND ICON] 
>>> 
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/deae8484-5a5c-4158-b5ef-f262f30eb6eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: GSoC Proposal (FormSet Improvement)

[PARTH PATIL]

On Wednesday, April 3, 2019 at 8:58:26 PM UTC+5:30, Carlton Gibson wrote:
>
> Hey Parth. 
>
> Right. So, thanks for making the effort so far. Good. 
>
> Can you add more detail about yourself. You've not contributed to Django 
> right? So the concern at this point would be whether you're able to fulfil 
> the project. 
>

I have contributed to Django (see #30189 
), I have mentioned it at the 
end of my proposal, I would try to highlight that. 

 

> What's your experience with Django? (and if you want to implement a 
> declarative formset syntax, Python more generally?)
> (Perhaps you said this, but it needs to be in the proposal.) 
>

Sure I will add some of my projects in the proposal. 

>
> You don't necessarily need to have ideas for the final code, but what does 
> e.g. the usage look like with your idea (i.e. adding the request 
> parameter)? 
> (So the formset gets the request and this is available where...? and so 
> on: can you SHOW in your proposal that this WILL address the issues?)
>

I'm a little bit confused here, What you mean by "SHOW that this works"? 

   - Do you just write some pseudo code, and say this will work?
   - Or I have to prove in some way that this will work??


> HTH.
>
> Kind Regards,
>
> Carlton
>
>
> On Monday, 1 April 2019 21:29:33 UTC+2, PARTH PATIL wrote:
>>
>> Here is a link to my GSoC proposal
>> Its a first draft so you are open to comment and suggest changes
>>
>>
>> https://docs.google.com/document/d/1JuoVOU5xMwXY7JrHJshezIyuIpFfoEM49rO3e0rfNhE/edit?usp=sharing
>>
>>
>> Best Regards,
>>
>> PARTH PATIL
>>
>> SOFTWARE DEVELOPER, AUV-IITB
>>
>> CONVENOR, ELECTRONICS & ROBOTICS CLUB IIT BOMBAY.
>>
>> [image: Image result for FACEBOOK ROUND ICON] 
>>  [image: Image result for 
>> instagram ROUND ICON]  [image: 
>> Image result for linkedin ROUND ICON] 
>> 
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/a3c56a4b-76df-4ac8-9a0e-3e9de01047ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: GSoC Proposal (FormSet Improvement)

[Carlton Gibson]

Hey Parth. 

Right. So, thanks for making the effort so far. Good. 

Can you add more detail about yourself. You've not contributed to Django 
right? So the concern at this point would be whether you're able to fulfil 
the project. 
What's your experience with Django? (and if you want to implement a 
declarative formset syntax, Python more generally?)
(Perhaps you said this, but it needs to be in the proposal.) 

You don't necessarily need to have ideas for the final code, but what does 
e.g. the usage look like with your idea (i.e. adding the request 
parameter)? 
(So the formset gets the request and this is available where...? and so on: 
can you SHOW in your proposal that this WILL address the issues?)

HTH.

Kind Regards,

Carlton


On Monday, 1 April 2019 21:29:33 UTC+2, PARTH PATIL wrote:
>
> Here is a link to my GSoC proposal
> Its a first draft so you are open to comment and suggest changes
>
>
> https://docs.google.com/document/d/1JuoVOU5xMwXY7JrHJshezIyuIpFfoEM49rO3e0rfNhE/edit?usp=sharing
>
>
> Best Regards,
>
> PARTH PATIL
>
> SOFTWARE DEVELOPER, AUV-IITB
>
> CONVENOR, ELECTRONICS & ROBOTICS CLUB IIT BOMBAY.
>
> [image: Image result for FACEBOOK ROUND ICON] 
>  [image: Image result for 
> instagram ROUND ICON]  [image: 
> Image result for linkedin ROUND ICON] 
> 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/d0a1ca3a-9e5a-4027-ac3e-75c8adc4d968%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: GSoC Proposal: Add Cross-DB JSONField, ArrayField, and HStoreField

[Carlton Gibson]

Hi Sage. 

Thanks for the proposal. It's looking OK. Couple of points: 


   - There IS an Oracle implementation. See the ticket here: 
   https://code.djangoproject.com/ticket/29821
   - Something that looks like an ArrayField, yes. HStore... not so sure 
   it's worth mimicking. 
   - On the timeline: I think you've spread the coding bit too thin and not 
   allocated enough for Documenting.
  - I think you if you want full-guns at the SQLite PoC in week 1 and 2 
  you'd have something in place quite quickly. 
 - The base field should be simple enough™
 - The SQLite only lookups shouldn't be too complicated. 
  - As I commented on the other thread on this topic, we'll need to 
  advise on getting people set up with SQLite with the JSON extension. 
  - There's more in this that you think I'd guess. No harm in putting 
 time in the schedule for it. 
  - Allow for the possibility you complete early and have time to work 
  on other things...
  - This stuff is difficult to get right. It's more balance that exact 
  times: 
 - The actual timeline won't match the plan ever. 
 - you don't need to worry about two days off for holiday 
  
Your contributions so far have been super. Thank you. 

Kind Regards,

Carlton


On Tuesday, 2 April 2019 13:41:37 UTC+2, Sage M.A. wrote:
>
> Hello, everyone! My name is Sage. I'm a 19-year-old computer science 
> student from Indonesia. I'm planning to join the Google Summer of Code 
> (GSoC) this year, and I want to contribute to Django. I have written a 
> draft for my proposal in this gist 
> . I 
> have submitted two small patches for Django, and I hope to contribute more 
> in the future. Feedbacks are much appreciated, thanks!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/622f8f17-3d52-4ca8-864a-baaa064d1485%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Enable SESSION_COOKIE_SECURE by Default

[James Bennett]

On Wed, Apr 3, 2019 at 4:31 AM Aldian Fazrihady  wrote:

> Many production systems, including mine, are using HTTPS, which
> effectively blocks the capability of attackers from sniffing other people's
> cookies.
>

Closing off opportunities to sniff cookies is more complex than just using
HTTPS, which is why the 'Secure' and 'HttpOnly' flags exist on cookies, why
HSTS and preloading exist, and several other mechanisms.

If you are using HTTPS, you should have both SESSION_COOKIE_SECURE and
CSRF_COOKIE_SECURE set to True. This thread is discussing whether and how
we could default those to True.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAL13Cg-JpDxFVzAHqGmveMxVMD_2k5i%3DB%2BfwwLERi8pGY0%3DGJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: GSoC Proposal: Add Cross-DB JSONField, ArrayField, and HStoreField

[Sage M.A.]

Hi Sagar,
That's cool! However, I am not quite sure what you meant. If you meant to 
ask questions on how to use Django,
I think it's best to ask them in the django-users forum 
 or the #django 
channel on IRC. I'm sure the community
will be able to help you. I also join those rooms when I can. If you 
actually meant to ask questions about Django
*itself*, then I guess you could ask your questions by posting a new topic 
in this django-developers 
 forum instead
of this topic. This topic is meant to be a place for me to gather feedbacks 
for my GSoC proposal.
Thank you for your interest :)

On Wednesday, 3 April 2019 18:32:03 UTC+7, sagar ninave wrote:
>
> same bro i am too, actually i have learned python in last semester and 
> using djnago build a small project and trying to get more about django. if 
> you dont mind can i ask question when i will stuck somewhere about django 
> and you may ask to me if you will not getting we will try to understand 
> what matter will be
>
> On Wed, Apr 3, 2019 at 8:16 AM Sage M.A. > 
> wrote:
>
>> Hi Sagar, 
>> I started using Django last year. I've been studying the codebase lately, 
>> and I'm still trying to understand the mixins and stuff for the database 
>> backends. I have submitted patches for two tickets (#30294 
>>  and #30295 
>> ), and I'm looking to 
>> contribute more in the future.
>>
>> On Wednesday, 3 April 2019 04:12:52 UTC+7, sagar ninave wrote:
>>>
>>> by the way how much you know django
>>>
>>> On Tue, Apr 2, 2019 at 8:52 PM Sage M.A.  wrote:
>>>
 Thank you.

 On Tuesday, 2 April 2019 19:26:29 UTC+7, sagar ninave wrote:
>
> I appreciate Sage 
>
 -- 
 You received this message because you are subscribed to the Google 
 Groups "Django developers (Contributions to Django itself)" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to django-d...@googlegroups.com.
 To post to this group, send email to django-d...@googlegroups.com.
 Visit this group at https://groups.google.com/group/django-developers.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/django-developers/b02ac6c4-7db3-4d3a-ae08-d1fa848b4b68%40googlegroups.com
  
 
 .
 For more options, visit https://groups.google.com/d/optout.

>>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-d...@googlegroups.com .
>> To post to this group, send email to django-d...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-developers.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/3737f569-263d-4d09-acb2-2fdc1e2bebf8%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/a3684f5b-265e-430f-b18f-77f26450716f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: GSoC Proposal: Add Cross-DB JSONField, ArrayField, and HStoreField

[sagar ninave]

same bro i am too, actually i have learned python in last semester and
using djnago build a small project and trying to get more about django. if
you dont mind can i ask question when i will stuck somewhere about django
and you may ask to me if you will not getting we will try to understand
what matter will be

On Wed, Apr 3, 2019 at 8:16 AM Sage M.A.  wrote:

> Hi Sagar,
> I started using Django last year. I've been studying the codebase lately,
> and I'm still trying to understand the mixins and stuff for the database
> backends. I have submitted patches for two tickets (#30294
>  and #30295
> ), and I'm looking to
> contribute more in the future.
>
> On Wednesday, 3 April 2019 04:12:52 UTC+7, sagar ninave wrote:
>>
>> by the way how much you know django
>>
>> On Tue, Apr 2, 2019 at 8:52 PM Sage M.A.  wrote:
>>
>>> Thank you.
>>>
>>> On Tuesday, 2 April 2019 19:26:29 UTC+7, sagar ninave wrote:

 I appreciate Sage

>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-d...@googlegroups.com.
>>> To post to this group, send email to django-d...@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/django-developers.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-developers/b02ac6c4-7db3-4d3a-ae08-d1fa848b4b68%40googlegroups.com
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/3737f569-263d-4d09-acb2-2fdc1e2bebf8%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAA6pdZ-eYMBOaVscN-xrEbfCe_fWXbARDJ1%3D77aa-fzwwDW_qA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Enable SESSION_COOKIE_SECURE by Default

[Aldian Fazrihady]

Hi Carlton,

Many production systems, including mine, are using HTTPS, which effectively
blocks the capability of attackers from sniffing other people's cookies.

Regards,

Aldian Fazrihady

On Wed, Apr 3, 2019 at 4:02 PM Carlton Gibson 
wrote:

> Hi all.
>
> https://code.djangoproject.com/ticket/30314
>
> >  Per the documentation, "Leaving this setting off isn’t a good idea
> because an attacker could capture an unencrypted session cookie with a
> packet sniffer and use the cookie to hijack the user’s session."
> >
> > If it's not a good idea for this setting to be off, why is it off by
> default? Seems backwards to me.
>
> This looks right to me. A small breaking change for 3.0 would seem
> reasonable. So I'm going to Accept this.
>
> BUT this has been this way forever
> 
>  so
> I just wanted to check if there were any overriding *Whys*?
>
> Thanks.
> Carlton
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/e67ee6a2-751e-4b24-9d72-6c746a8c0178%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAN7EoAZD5zYSQNqb13sJiaLsRNyFZhE9YREW%2B4hjUrC-TQp-HA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: the design of django group permission should be optimized in django.contrib.auth.ModelBackend

[John D'Ambrosio]

I believe this change is merited and I would be happy to help if others are 
interested in working this.  I have actually monkey-patched it a few times 
now for two reasons:

a) I want more data fields on the group itself, or
b) I want to implement nested groups

MPTT's docs suggest one approach which is gross (no offense) because it 
creates migrations in a contrib app!

https://django-mptt.readthedocs.io/en/latest/models.html?highlight=group#registration-of-existing-models

The nested group concept has the added concern of the PermissionsMixin 
leveraging a few helper functions which are defined outside of the class 
and not easily swappable themselves.  Maybe if we proceed on this we tackle 
it in two phases.  In the first, we can align all of the pieces to make it 
more easily swappable.  In the second, we can introduce the swap.  We 
definitely will want to avoid some of the pitfalls of AbstractUser and 
UserManager where one is unable to import varying degrees of scaffolding 
without invoking the concrete pieces we are not using.

I agree with Tim that the swappable model approach is less than ideal and 
not well-documented for transitions, but maybe those of us who've done it 
can submit some detailed guides with some concrete steps of how to swap out 
the table namespaces and retire the old models retroactively, as well as 
the usual (maybe even stronger) encouragement to pull in the models to your 
core app up-front?  Could even have startproject do it for you in the 
future... maybe recommend an "accounts" app or something?

Anyway, happy to help.  Please let me know if there is interest in 
proceeding.

On Friday, August 31, 2018 at 4:28:30 PM UTC-4, 程SN wrote:
>
> Hi everybody,
>
> the information is not enough for my company in 
> django.contrib.auth.models.Usre and django.contrib.auth.models.Group. So I 
> custom User and Team model.
>
> the auth User can be changed in the django settings by AUTH_USER_MODEL. 
> But the Group cannot.
>  
> Further, There are many group permissions problem presented when I use 
> django permissions. 
>
> Firstly, I cannot use django.contrib.auth.ModelBackend directly.
>
> in django.contrib.auth.ModelBackend,  Django currently bind group 
> permissions with  django.contrib.auth.models.Group
>
> def _get_group_permissions(self, user_obj):
> user_groups_field = get_user_model()._meta.get_field('groups')
> user_groups_query = 'group
> __%s' % user_groups_field.related_query_name()
> return Permission.objects.filter(**{user_groups_query: user_obj})
>
> Why the group cannot be changed in the settings like AUTH_USER_MODEL ?  
> Can Djano support AUTH_GROUP_MODEL in the further release?
>
> So I have to custom backend that extend django.contrib.auth.ModelBackend 
> and modify group to my team.
>
> But I find the other problem  in my further developing.  The bad design 
>  limit the other app design.
>
> Many app about django permission , only  support group permission based 
> on django.contrib.auth.models.Group, like django-guardian
>
> It's too bad.  Please support AUTH_GROUP_MODEL
>  
> --
> Regards,
>
> damoncheng
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/f520ef96-e1c0-4f11-9026-be3d2b50b901%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Enable SESSION_COOKIE_SECURE by Default

[Matthias Kestenholz]

On Wed, Apr 3, 2019 at 11:39 AM James Bennett  wrote:

> On Wed, Apr 3, 2019 at 2:34 AM Carlton Gibson 
> wrote:
>
>> Yes, super thanks. Breaking login in development would qualify as a good
>> *Why* yes. 
>>
>> I'll assume we're NOT going to do this, but anyone with input, please do
>> comment.
>>
>
> Historically I've done something along the lines of
>
> CSRF_COOKIE_SECURE = not DEBUG
> SESSION_COOKIE_SECURE = not DEBUG
>
> That guarantees I never go to production without the cookies set to
> secure, but also avoids breaking local dev. I do similar things with other
> SSL-related settings.
>
> I'm not sure how well it generalizes to other people's use cases, though.
>

I do this too, but not using "not DEBUG" but SECURE_SSL_REDIRECT (or the
related setting for django-canonical-domain). It might be a good idea to
add something like this to the project template?

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CANvPqgCES-_-%3D8V%2BuAxecqC-Xd2sUaqeDRiSeX%2Byz0OXrfZRUQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Enable SESSION_COOKIE_SECURE by Default

[James Bennett]

On Wed, Apr 3, 2019 at 2:34 AM Carlton Gibson 
wrote:

> Yes, super thanks. Breaking login in development would qualify as a good
> *Why* yes. 
>
> I'll assume we're NOT going to do this, but anyone with input, please do
> comment.
>

Historically I've done something along the lines of

CSRF_COOKIE_SECURE = not DEBUG
SESSION_COOKIE_SECURE = not DEBUG

That guarantees I never go to production without the cookies set to secure,
but also avoids breaking local dev. I do similar things with other
SSL-related settings.

I'm not sure how well it generalizes to other people's use cases, though.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAL13Cg8NrS3k_XXp4mB%3DaLQgmoo3yhuEMXOrrB2_yBj_tMV1qw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Enable SESSION_COOKIE_SECURE by Default

[Carlton Gibson]

Hi Matthias, 

Yes, super thanks. Breaking login in development would qualify as a good 
*Why* yes. 

I'll assume we're NOT going to do this, but anyone with input, please do 
comment. 

> (The same reasoning should probably be applied to CSRF_COOKIE_SECURE.

Absolutely. And, soon, `LANGUAGE_` 
too. https://github.com/django/django/pull/11155


Thanks. C. 




On Wednesday, 3 April 2019 10:19:15 UTC+2, Matthias Kestenholz wrote:
>
> On Wed, Apr 3, 2019 at 10:02 AM Carlton Gibson  > wrote:
>
>> Hi all. 
>>
>> https://code.djangoproject.com/ticket/30314
>>
>> >  Per the documentation, "Leaving this setting off isn’t a good idea 
>> because an attacker could capture an unencrypted session cookie with a 
>> packet sniffer and use the cookie to hijack the user’s session."
>> >
>> > If it's not a good idea for this setting to be off, why is it off by 
>> default? Seems backwards to me.
>>
>> This looks right to me. A small breaking change for 3.0 would seem 
>> reasonable. So I'm going to Accept this. 
>>
>> BUT this has been this way forever 
>> 
>>  so 
>> I just wanted to check if there were any overriding *Whys*?
>>
>
> (The same reasoning should probably be applied to CSRF_COOKIE_SECURE.)
>
> My opinion is that this isn't a good idea. Right now it's possible to 
> always have the SecurityMiddleware in MIDDLEWARE without adding any 
> security-specific settings to the default setup. You get the following 
> benefits:
>
> - Authenticating when developing locally works (as I understand it it does 
> not with *_COOKIE_SECURE set to True because you can't authenticate anymore 
> on the http: development server)
> - You get the SecurityMiddleware's warnings if you do not enable those 
> settings when DEBUG=False
>
> I fear that more people will remove the SecurityMiddleware (which is in 
> the default setup) instead of deactivating secure cookies for local 
> development which means a net negative for security.
>
> Thanks,
> Matthias
>
>  
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/46eb57dc-6b63-4a03-8937-6c6ad731344f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Enable SESSION_COOKIE_SECURE by Default

[Matthias Kestenholz]

On Wed, Apr 3, 2019 at 10:02 AM Carlton Gibson 
wrote:

> Hi all.
>
> https://code.djangoproject.com/ticket/30314
>
> >  Per the documentation, "Leaving this setting off isn’t a good idea
> because an attacker could capture an unencrypted session cookie with a
> packet sniffer and use the cookie to hijack the user’s session."
> >
> > If it's not a good idea for this setting to be off, why is it off by
> default? Seems backwards to me.
>
> This looks right to me. A small breaking change for 3.0 would seem
> reasonable. So I'm going to Accept this.
>
> BUT this has been this way forever
> 
>  so
> I just wanted to check if there were any overriding *Whys*?
>

(The same reasoning should probably be applied to CSRF_COOKIE_SECURE.)

My opinion is that this isn't a good idea. Right now it's possible to
always have the SecurityMiddleware in MIDDLEWARE without adding any
security-specific settings to the default setup. You get the following
benefits:

- Authenticating when developing locally works (as I understand it it does
not with *_COOKIE_SECURE set to True because you can't authenticate anymore
on the http: development server)
- You get the SecurityMiddleware's warnings if you do not enable those
settings when DEBUG=False

I fear that more people will remove the SecurityMiddleware (which is in the
default setup) instead of deactivating secure cookies for local development
which means a net negative for security.

Thanks,
Matthias

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CANvPqgCBK4B5k4hFPnvQvHv4ie2Bd0gnbw1sNhdCFb5KC7jsSg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Enable SESSION_COOKIE_SECURE by Default

[Carlton Gibson]

Hi all. 

https://code.djangoproject.com/ticket/30314

>  Per the documentation, "Leaving this setting off isn’t a good idea 
because an attacker could capture an unencrypted session cookie with a 
packet sniffer and use the cookie to hijack the user’s session."
>
> If it's not a good idea for this setting to be off, why is it off by 
default? Seems backwards to me.

This looks right to me. A small breaking change for 3.0 would seem 
reasonable. So I'm going to Accept this. 

BUT this has been this way forever 

 so 
I just wanted to check if there were any overriding *Whys*?

Thanks. 
Carlton

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/e67ee6a2-751e-4b24-9d72-6c746a8c0178%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.