Re: Problem with views and urls

2010-02-23 Thread Jon Loeliger 
> Hello,
> 
> I'm having a problem with views and url's. If I have a url called  
> "people" that has a callback to "index" works fine, but if I add a  
> url for parameters, let's say "people//" it does call the  
> index function, instead of the defined one. If I change it, for  
> example to "ppl//" it works fine. Any ideas? I leave here the  
> code.

> urlpatterns = patterns('',
>  (r'^admin/', include(admin.site.urls)),
>  (r'^people/', 'IeA.gestion.views.index'),
>  (r'^people/(?P\d+)/$', 'IeA.gestion.views.detail'),
> )

First match wins, right?

A lacking $ in the first people rule will match
with a trailing number as well.

So I think you can solve yuour problem by either switching
the order of the people patterns or add a trailing $ to the
first rule: r'^people/$'.

jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Slugify() and Clean form data Questions

2010-02-22 Thread Jon Loeliger 
> 
> Hope this better answers your question,
> Matt

Matt,

Indeed it does.  Thank you!

I guess a bit of the frustrating part of learning Django here
is stumbling across the sites that explain how to do various
tidbits of functionality, and then slide in some variant [*1*]
of "But one would never do this on a production site." warning.

I think to myself "But this is *exactly* the functionality I need."
So, uh, what *should* I do differently then?  Or, um, OK, so,
why not take the next step in the write-up and tell me what the
best practice is so I *can* "do this in a production setting."

I read chapter 20.  And when I was done, I had an inkling that
Django escaped my user data when it went to HTML output.  Good.
And I read where "Django's API does this [escape SQL] for you".

But what wasn't clear to me was how much *more* I really should do.
How worried should I be?  Should I write better form cleaning and
validating functions?  Should I write custom save() functions to
search for SQL or script hacks?  That sort of thing.

And from the sounds of it, you are saying Django has taken large and
likely sufficient steps already.  Most excellent!  And thank you!

Thanks,
jdl

[*1*] Off hand examples:

http://lethain.com/entry/2007/dec/01/using-jquery-django-autocomplete-fields/

http://lethain.com/entry/2008/sep/21/intro-to-unintrusive-javascript-with-django/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Slugify() and Clean form data Questions

2010-02-22 Thread Jon Loeliger 
> 
> Is there a reason why you can't use Form.is_valid()? It's pretty nice.
> 
> http://docs.djangoproject.com/en/dev/ref/forms/api/#accessing-clean-data
> 
> Example:
> http://gist.github.com/311192

I get is_valid() and the notion of cleaned data.  I *think*,
though, that I am asking for something more robust.

Will some_form.is_valid() will, say, remove (or identify)
embedded SQL hacking attempts from a plain text field input?

Thanks,
jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Slugify() and Clean form data Questions

2010-02-20 Thread Jon Loeliger 
> Folks,

A few days ago I asked:

> Is there a canonical definition or even a reference
> implementation of a slug = slugify(str) function somewhere? 

Thanks for taking the time to answer that for me!  We pretty much
beat the answer into my thick skull:  Use the slugify() function
as per "from django.template.defaultfilters import slugify".


What about my second question from earlier?:

> Is there a standard clean_user_input() that accepts direct user
> input from a form text field and de-gunks it so that it is later
> acceptable to be re-emitted as HTML formatted data without worry
> of hacking issues?  I am looking form something more clever than
> simply validating the user's input to conform to "is a number" or
> "is a text field" sorts of thing.  I'm specifically looking for a
> function that strips out embedded scripting, SQL, HTML, etc hackery.
> Sure, I'd then like to use it to verify clean form input of course.

How do people ensure safe user input from their forms?

Thanks,
jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Slugify() and Clean form data Questions

2010-02-18 Thread Jon Loeliger 
> 
> from django.template.defaultfilters import slugify
> 
> Every filter you see listed in
> http://docs.djangoproject.com/en/dev/ref/templates/builtins/ lives in
> django.template.defaultfilters.

Awesome!  Thanks!

And with that in hand, the only place I can find the string
"django.template.defaultfilters" in the documentation is as
a "Behind the Scenes" side-note to the "Custom Template Tags
and Filters" page:

http://docs.djangoproject.com/en/dev/howto/custom-template-tags/

Um, not exactly the obvious place to me.  (How did you come
to learn that this is where they were implemented?)

And from a usability standpoint, I'm still going to have to
go track down the sources to learn what that API signature
actually looks like now.

...

Except that I see a clear example given in

http://gist.github.com/308068 now too!

Most excellent!

Thanks!

jdl


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Slugify() and Clean form data Questions

2010-02-18 Thread Jon Loeliger 

> Some places say underscores are valid, others say they removed:
> 
> http://docs.djangoproject.com/en/dev/ref/templates/builtins/
> 
> slugify
> 
>   Converts to lowercase, removes non-word characters
>   (alphanumerics and underscores) and converts spaces to
>   hyphens. Also strips leading and trailing whitespace.

Wow.  I just now re-read that differently.  (alphanumerics and
underscores) are what is _left_.

Would this be clearer?

Converts to lowercase, allows dashes and underscores,
removes other non-alphanumeric characters, and converts spaces
to hyphens. Also strips leading and trailing whitespace.

Dunno.

jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Slugify() and Clean form data Questions

2010-02-18 Thread Jon Loeliger 
> 
> > Is there a canonical definition or even a reference implementation
> > of a slug =3D slugify(str) function somewhere?  Yeah, I could go
> > grep through the sources and maybe find one?  And yes, I see:
> >=20
> >http://docs.djangoproject.com/en/dev/ref/models/fields/#slugfield
> >=20
> > But even that is a bit ambiguous as to the treatment of underscores.
> 
> Could you clarify what you mean by "ambiguous as to the treatment of unders=
> cores"?  I don't see an ambiguity, so I wonder what I'm missing.

Some places say underscores are valid, others say they removed:

http://docs.djangoproject.com/en/dev/ref/templates/builtins/

slugify

Converts to lowercase, removes non-word characters
(alphanumerics and underscores) and converts spaces to
hyphens. Also strips leading and trailing whitespace.


> My understanding is that a slug is usable as a URL; that's really the synta=
> x definition, and is why it is limited to "only letters, numbers, underscor=
> es or hyphens." A slug is effectively an artifact of Django's birth in jour=
> nalism-on-the-web, and an extraordinarily handy one.  As such, it exists fo=
> r practical reasons, rather than purity.

Sure, I get that.

It would be nice to use the same (or at least internally consistent)
definition, of course.

> I do indeed use the slugify() function for precisely that pattern.

Exactly *which* slugify() function?  Documentation reference?
Import from line?

> I override the model's save method, and populate the slug field prior
> to allowing the save to proceed.  I picked up that trick from some
> other code somewhere; it isn't uncommon.

Well, yeah.  That's what I want to do too! :-)  Any chance you
can post a snippet for me?

> HTH,

Somewhat!

Thanks,
jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Slugify() and Clean form data Questions

2010-02-18 Thread Jon Loeliger 
Folks,

Quick question or two:

Is there a canonical definition or even a reference implementation
of a slug = slugify(str) function somewhere?  Yeah, I could go
grep through the sources and maybe find one?  And yes, I see:

http://docs.djangoproject.com/en/dev/ref/models/fields/#slugfield

But even that is a bit ambiguous as to the treatment of underscores.
Naturally, I'm wanting to use a slug to identify some model instances
based on some other model field.  But it's not being entered via the
Admin model, so I can't do the prepopulated_fileds[] trick either.

Second question:

Is there a standard clean_user_input() that accepts direct user
input from a form text field and de-gunks it so that it is later
acceptable to be re-emitted as HTML formatted data without worry
of hacking issues?  I am looking form something more clever than
simply validating the user's input to conform to "is a number" or
"is a text field" sorts of thing.  I'm specifically looking for a
function that strips out embedded scripting, SQL, HTML, etc hackery.
Sure, I'd then like to use it to verify clean form input of course.

Thanks,
jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

AJAX Autocompletion Field

2010-02-13 Thread Jon Loeliger 
Folks,

For likely the umpteenth time, can someone recommend a good
AJAX auto completion tutorial or example that I might use
to crib-together a text-field selection that would otherwise
be a very large drop-down selection field?

My use case would be essentially like having a table full
of say, recipie ingredients, and letting the user select
which one to add into a recipe.  I'd like to have the user
simply start typing a few first characters and then let an
autocompleter search for matches and present them to the user.
The source of the matches would be a "Name" TextField in
some model.

What is the current Best Practice or even Good Advice? :-)
Pros and cons for jQuery or extjs or something else?
A good "How To" or a pointer to a write up?

Thanks,
jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Getting uploaded images to show

2010-02-13 Thread Jon Loeliger 
> 2010/2/13 holger :
> > I am new to django and I am trying to get an image upload to work.
> >
> > My media url is
> > MEDIA_URL =3D 'http://127.0.0.1:8000/media/'
> >
> > and my media_root is
> > MEDIA_ROOT =3D os.path.join(PROJECT_ROOT, 'media')
> >
> > where project_root points to the root folder for the project
> >
> > So I want the images to be uploaded to http://127.0.0.1:8000/media/uploads/
> >
> > I can see the images being uploaded to the directory but I can't
> > access the file through the url in the template.
> >
> > What am I missing?
>
>
> Do you have this code in urls.py?
> 
> if settings.DEBUG:
> urlpatterns +=3D patterns('',
> (r'^media/(?P.*)$',
> 'django.views.static.serve', {'document_root':'./media/'}),
> )
> 
> In DEBUG mode you need such a code to serve static media.

I also had difficulty even with the suggested d.v.static.serve
as suggested above.  I had to change the ADMIN_MEDIA_PREFIX in
my settings.py to be different from MEDIA_ROOT as well.

HTH,
jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

State of the Django MPTT Art?

2010-02-10 Thread Jon Loeliger 

Folks,

I'd like to add a few MPTT manged data-sets to my projects
so I am wondering what the current state of the MPTT art is.
I'm using Danjgo 1.1.1 right now, and would like to slap down
an MPTT manager in my project that is BSD-ish licensed, allows
multiple, different sets of nodes, and hopefully comes with a
good admin interface too!

Googling shows both django-mptt and -treebeard, but are there
good recommendations pro- or con- for either one?  Or is there
a better third choice out there now?

Thanks,
jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

[ANSWER] Re: Template and Form Question

2010-02-10 Thread Jon Loeliger 
> Folks,
> 
> I would appreciate some help figuring out how to create a
> templated form scenario.  The quick form of the question is
> either:
> 
> How do I iterate over two form field list simultaneously
> in my template using {% for f in form %}, sort of like
> {% for f,g in form1,form2 %}?
> or
> How do I iterate over a list of strings and use that to
> select form fields in my template?
> 
> 
> Gory details of and failed attempts follow...

So, for the record, I failed to get any form of proper
template variable use or lookup to do what I needed.

However, I was able to achieve success in my table construction
using the following custom template filter as found here:


http://diffract.me/2009/09/django-template-filter-show-list-of-objects-as-table-with-fixed-number-of-columns/

 File: my_filter.py 

from django import template

register = template.Library()

def tablecols(data, cols):
rows = []
row = []
index = 0
for user in data:
row.append(user)
index = index + 1
if index % cols == 0:
rows.append(row)
row = []
# Still stuff missing?
if len(row) > 0:
rows.append(row)
return rows

register.filter('tablecols', tablecols)

and then in my template:

{% load my_filters %}

and:

{% for row in attr_form|tablecols:2 %}

{% for f in row %}
{% if forloop.first %}
{{ f.label }}
{% endif %}
{{f.errors}}{{f}}
{% endfor %}

{% endfor %}


HTH,
jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Template and Form Question

2010-02-05 Thread Jon Loeliger 
Folks,

I would appreciate some help figuring out how to create a
templated form scenario.  The quick form of the question is
either:

How do I iterate over two form field list simultaneously
in my template using {% for f in form %}, sort of like
{% for f,g in form1,form2 %}?
or
How do I iterate over a list of strings and use that to
select form fields in my template?


Gory details of and failed attempts follow...

I have a dynamically created form, attr_form, that derives
its fields from a query and adds pairs of fields to the form
roughly like this in my forms.py:

def create_attribute_form():
class AttrForm(forms.Form):
for every DB Attribute field, attr, on something:
name = attr.name# Eg: "Volume"
units = "%s-units" % name   # Eg: "Volume-units"
self.fields[name] = forms.FloatField()   # Eg, "17.0"
self.fields[units] = forms.ModelChoiceField(...) # Eg, "Liters"

In my view, I trump up this form and hand it to my template in
a context as "attr_form".  I know this form gets to my template
correctly because I can simply place {{ attr_form.as_p }} in it
and all the fields are present.  They are just not how I want 
them arranged.

Specifically, I want to arrange them into a table like this:

 Attribute| Value | Units
 -|---|-
 Temperature  |70 | C
 Volume   |17 | Liters

Which means I need to iterate over "Volume" and "Temperature"
attribute names, and locate the "Volume" field and then the
"Volume-units" field of my form in order to form one row of
the table before going on to the next.

If I just iterate over the attr_form straight up, I will see
all the attributes, of course.

So I kind of want to do this (not working) in my template:

with:
{{ attr_list }} == [ "Volume", "Temperature" ]
{{ attr_form }} == The form instance with pairs of fields in it


.
{% for attr in attr_list %}

{{attr}}
{{attr_form.fields.$attr.}}
{{attr_form.fields."$attr"-"units".}}

{% endfor %}


Naturally that $attr and constructing that $attr-"units" thing
is totaly bogus.  But even if I passed in a list of tuples
with ("Volume", "Volume-units") in it and looped over that,
I still can't use those for-loop-variables to index into the
form's fields[] to get and print the fields!

So another approach I tried was this:  In my view, create a list of
triplets with:
("Volume", , )
and pass that into the template as "attr_trio":


.
{% for a,v,u in attr_trio %}

{{a}}
{{v}}
{{u}}

{% endfor %}


This *almost* works, but what I get is a table like:

   Volume  object at 0x2768910>
 Temperature   object at 0x2768050>

That looks like the v and u parts are either un-instantiated,
or being processed differently, or un-bound, or *something*...

As another approach I've explored unsuccessfully so far,
I've tried to create two forms: one with the Attribute fields
and another with the corresponding Units fields.  I can pass
both those into the template, but now I need a way to iterate
over the attr_form and units_form simultaneously so that I
can grab a "Volume" and a "Volume-units" field for one row.

I have the itertable list of ["Volume", "Temperature", ...] available,
but I don't know how to use that iteration variable name to select
the form field from the two forms:

with:
{{ attr_list }} == [ "Volume", "Temperature" ]
{{ attr_form }} == The form instance with just Attribute fields
{{ units_form }} == The form instance with corresponding Units fields


.
{% for a in attr_list %}

{{a}}
{{attr_form.a}}
{{units_form.a}}

{% endfor %}


Even that glosses over the problem of having a form with two
fields labeled with the same name.  I'd really have to loop over
a tuple of ("Volume", "Volume-units") like:

{% for a,u in attrunit_list %}
...
{{a}}
{{attr_form.a}}
{{units_form.u}}

But none of that works either.

OK.  Any chance someone can point out the forehead-slapping
obvious solution for me?  Or point me in the right direction?

Should I give up on doing this in the template and somehow
render the whole form into a string in the view and pass that
into the template to slap it down?  Does that violate some
large abstraction separation? :-)

Thanks,
jdl

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.