Sean: Thanks, man, that link saved my day (at least a few hours)! This
should definitely be mentioned in the Django documentation asap.
Scott: yup, and I can now just say follow = {'date_joined': False}
instead of specifying both date_joined_date and date_joined_time by
hand (as I described above
On Thu, Aug 24, 2006 at 08:16:25PM +0200, Sean wrote:
>
> Just stumbled upon this:
> http://www.rossp.org/blog/2006/aug/23/changemanipulators-only-part-model/
>
> Could be of use to some.
>
> Scott Paul Robertson wrote:
> > On Thu, Aug 24, 2006 at 10:46:25AM -, cyberco wrote:
> >
> >> Wha
OK, I got the dates working now that I've converted them to strings.
But I can't set the value for the 'is_superuser' attribute using the
same mechanism:
==VIEW==
userManipulator = User.ChangeManipulator(request.user.id)
origUser = userManipulator.original_object
new_data_
OK, I got the dates working now that I've converted them to strings.
But I can't set the value for the 'is_superuser' attribute using the
same mechanism:
==VIEW==
userManipulator = User.ChangeManipulator(request.user.id)
origUser = userManipulator.original_object
new_data_
Just stumbled upon this:
http://www.rossp.org/blog/2006/aug/23/changemanipulators-only-part-model/
Could be of use to some.
Scott Paul Robertson wrote:
> On Thu, Aug 24, 2006 at 10:46:25AM -, cyberco wrote:
>
>> What works is this:
>>
>> =
>> new_data_user['date_joined
On Thu, Aug 24, 2006 at 10:46:25AM -, cyberco wrote:
>
> What works is this:
>
> =
> new_data_user['date_joined_date'] = str(origUser.date_joined.date())
> =
>
> Not sure if that is wise...
>
Unfortunately get_validation_errors expects the type that
What works is this:
=
new_data_user['date_joined_date'] = str(origUser.date_joined.date())
=
Not sure if that is wise...
cyberco wrote:
> Besides, if I don't pass all attributes I have to set them manually. In
> case of User.date_joined somehow none of t
Besides, if I don't pass all attributes I have to set them manually. In
case of User.date_joined somehow none of the following works:
=
new_data_user['date_joined'] = origUser.date_joined
new_data_user['date_joined_date'] = origUser.date_joined_date
new_data_user['date_joined_
Besides, if I don't pass all attributes I have to set them manually. In
case of User.date_joined somehow none of the following works:
=
new_data_user['date_joined'] = origUser.date_joined
new_data_user['date_joined_date'] = origUser.date_joined_date
new_data_user['date_joined_
Thanks to everyone here, this really helped me out.
One thing I still have questions about it Eric's remark:
> ---
> Take note that, since the is_superuser is not a required field, iirc,
> you don't have to set it in new_data if your intent leave the value the
> same.
> ---
I indeed want to keep
This is what you'd do if you wanted to set is_superuser for a
manipulator and not use the 'hidden input' idea.
let's take your view from the point where you check if the for has been
posted:
manipulator = users.ChangeManipulator(user_id) # Let's get the
manipulator for a user
if request.POST:
On 8/22/06, cyberco <[EMAIL PROTECTED]> wrote:
>
> Max, I'm not sure I fully understand your reply. Currently I got things
> working by passing the user object to the template and returning its
> attribute values:
>
>
> value="{{user.is_superuser}}" />
>
>
> Is t
It's not a security hole if you are writing a user management
application. And this information is being made avaliable to a trusted
"administrative user".
However, if you are using this data to re-populate a user object or
edit user info, or for any purpose not administrative, and not
validating
On 8/22/06, cyberco <[EMAIL PROTECTED]> wrote:
>
> Max, I'm not sure I fully understand your reply. Currently I got things
> working by passing the user object to the template and returning its
> attribute values:
>
>
> value="{{user.is_superuser}}" />
>
>
> Is t
This is a major security hole. Just because a field is hidden doesn't
mean it cannot be changed. Use the request.user object for
authentication purposes. The authentication docs should give you an idea
what to do.
cyberco wrote:
> Max, I'm not sure I fully understand your reply. Currently I got
Max, I'm not sure I fully understand your reply. Currently I got things
working by passing the user object to the template and returning its
attribute values:
Is this a security hole?
--~--~-~--~~~---~--~~
You received this mes
On 8/22/06, cyberco <[EMAIL PROTECTED]> wrote:
>
> I want to pass the user.is_superuser attribute through a form without
> enabling the user to edit it, so I use a hidden field. Like this:
>
> TEMPLATE=
> value="{{userWrapperForm.is_superuser}}" />
> =
>
> Weird en
I want to pass the user.is_superuser attribute through a form without
enabling the user to edit it, so I use a hidden field. Like this:
TEMPLATE=
=
Weird enough this results in the following HTML:
=HTML
" />
=
And when submit
18 matches
Mail list logo
