Reactive frontend + Session Authentication (+ csrf ?)
With traditional frontend (like realized with Django templates), the user will GET the login form and in this step Django sends csrf token. Later, in 2nd step, you send credential and the csrf token to the server. But in Django + Reactive frontend (Svelte in my case, but it is not important at all) solution, the Login form is created by Svelte. Them submission: not the real submission, but under the Submit button Svelte sends credentials to Django using FetchAPI. Maybe this submission is the 1st communication to Django server and so we haven't the csrf token yet (?!) So I have realized the Session Authentication without any regard to csrftoken cookie. My login view is wrapped by csrf_exempt. Svelte form sends credentials, Django makes login() and sends sessionid cookie back. It works. Now my question is: Is this solution safe enough? Or is it danger and I should first get the csrftoken cookie from server in some earlier request and add the header with csrftoken? It is pain to have such question. AI cannot answer it, instead it will write lot of text and code examples, without answering YES or NO, without understanding what I am asking. Find other sources is difficult (StackOverflow) is difficult too. On one side many people say Session Authentication is safe for browsers, JWT is not safe at all (because the token is saved in LocalStorage, not KeyChain). On other side, it looks like almost nobody uses Session Authentication and in problems many people say: Just go to JWT. That are reasons why it is difficult to realize the Session Authentication. But once realized, it is supereasy - no code, just the built-in cookie mechanism. So what do you mean? Or can you recommend some source which describes reactive frontend + sessionid & csrftoken cookies? -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/e8d3658a-0e28-468d-a6f6-10e058217605n%40googlegroups.com.
GraphQL library
I want start learn and use for my own project (together with Apollo frontend library). What do you think is a proper library selection in 2024? strawberry-graphql-django? -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/be0b1566-529f-4649-9e2f-a5754c9d9dcdn%40googlegroups.com.
Re: How to hide/disable ModelAdmin
Seems I know the answer: class HiddenAdmin(admin.ModelAdmin): has_module_permission = lambda self, req: False https://stackoverflow.com/questions/2431727/django-admin-hide-a-model https://stackoverflow.com/questions/49293901/hide-model-from-main-admin-list-but-allow-creation-in-inline-editor Dne čtvrtek 4. března 2021 v 21:22:41 UTC+1 uživatel zvo...@seznam.cz napsal: > I want use Django 2+ autocomplete_fields. > Adding them into (source) ModelAdmin will give lot of errors (see bellow). > So I must add a (target) ModelAdmin with search_fields=... > > After that everything works. > However I don't want to have such new ModelAdmin's visible/accessible. > I have data of their models already much better accessible in Inlines. > > Is there a way how to give search_fields=.. and not show the new > ModelAdmin? > > Thank you. > > ``` > ERRORS: > : (admin.E039) An admin for model > "PartVariant" has to be registered to be referenced by > PartCodeInline.autocomplete_fields. > : (admin.E040) PartCodeTypeAdmin > must define "search_fields", because it's referenced by > PartCodeInline.autocomplete_fields. > : (admin.E039) An admin for model > "Size" has to be registered to be referenced by > PartSizeInline.autocomplete_fields. > : (admin.E039) An admin for > model "Size" has to be registered to be referenced by > PartSubGroupInline.autocomplete_fields. > ``` > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/98a443b2-15f7-4172-bd8e-1635dc98f30an%40googlegroups.com.
How to hide/disable ModelAdmin
I want use Django 2+ autocomplete_fields. Adding them into (source) ModelAdmin will give lot of errors (see bellow). So I must add a (target) ModelAdmin with search_fields=... After that everything works. However I don't want to have such new ModelAdmin's visible/accessible. I have data of their models already much better accessible in Inlines. Is there a way how to give search_fields=.. and not show the new ModelAdmin? Thank you. ``` ERRORS: : (admin.E039) An admin for model "PartVariant" has to be registered to be referenced by PartCodeInline.autocomplete_fields. : (admin.E040) PartCodeTypeAdmin must define "search_fields", because it's referenced by PartCodeInline.autocomplete_fields. : (admin.E039) An admin for model "Size" has to be registered to be referenced by PartSizeInline.autocomplete_fields. : (admin.E039) An admin for model "Size" has to be registered to be referenced by PartSubGroupInline.autocomplete_fields. ``` -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2d5c4536-9e1f-49f6-93a9-31802a80e12cn%40googlegroups.com.
Re: Popups in django forms?
No response for this topic for some time, so I will try partially answer myself. Admin Django starting from version 2.0 has autocomplete_fields. These are relalational fields (ForeignKey, ManyToManyField), targeted into other ModelAdmin, which find content for their widget via ajax at the url autocomplete/. It works together with the .search_fields attribute of the targeted ModelAdmin. .search_fields says, in which fields should be searched the string, which user will enter into the popup widget. .search_fields can be replaced using .get_search_results(). Django implementation is weak. Problem is that the implementation doesn't think at all about the situation when 2 different ForeignKey-s target into same model. Example: If you have in model 2 fields "Owner" and "Responsible", both targeted into User model, Django cannot in .get_search_results() find, which of them you just enter and how the accesible options should be filtered. It is possible to make a trick with modyfiing of the Referer adress (request.headers['Referer']). We could add something like ?key=..., so .get_search_results() has then information, which one ForeignKey asks for results. I made some experiments with this earlier and in github.com/pyutil/django-admin-autocomplete-all it is implemented (and a little commented with an usage example) in `autocomplete_all/js/autocomplete_params.js`. Just inspiration, because I don't think that this package is perfect and its documentation well. Django 2+ autocomplete_fields however cannot be used outside of Admin. So we have 2 ways how to go: 1) Use django-autocomplete-light everywhere and ignore the possibility of Dj2 autocomplete_fields, or 2) inside the Admin to prefer the native possibility: autocomplete_fields. Dne pátek 26. února 2021 v 10:14:54 UTC+1 uživatel zvo...@seznam.cz napsal: > I want start a new project with good support for popups (select+options) > in forms. > > My requirements are (and I think for real life project they are > neccessary): > 1. ajax retrieved options based on users selection (outside of admin and > inside admin), > 2. dynamic filtering of (especially related) options (again outside/inside > admin, include admin inlines); example: country & city: only cities from > selected country should be accessible. > > I have implemented this > > https://simpleisbetterthancomplex.com/tutorial/2018/01/29/how-to-implement-dependent-or-chained-dropdown-list-with-django.html > include (2) functionality in inlines and it works. > > However it requires to much individual work in each case and doesn't > combine with ajax. > > Is there a better way how to achieve (1)+(2) everywhere in application? > Are there some packages? What about django-autocomplete-light? > > Best regards, > Mirek > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3a1517e7-9d59-4453-bd0f-81d639fb415an%40googlegroups.com.
Popups in django forms?
I want start a new project with good support for popups (select+options) in forms. My requirements are (and I think for real life project they are neccessary): 1. ajax retrieved options based on users selection (outside of admin and inside admin), 2. dynamic filtering of (especially related) options (again outside/inside admin, include admin inlines); example: country & city: only cities from selected country should be accessible. I have implemented this https://simpleisbetterthancomplex.com/tutorial/2018/01/29/how-to-implement-dependent-or-chained-dropdown-list-with-django.html include (2) functionality in inlines and it works. However it requires to much individual work in each case and doesn't combine with ajax. Is there a better way how to achieve (1)+(2) everywhere in application? Are there some packages? What about django-autocomplete-light? Best regards, Mirek -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/0a566f3b-01f1-464c-9294-fd982367caf8n%40googlegroups.com.
