In Django,
How can we store user specific data?
I'm trying to create a Django web app where the user needs to remember the order of a random sequence fetched from the database.
I have two functions in my views, home and result.
I tried to store the random sequence generated by the home function in a global variable, and use that to validate in the result function.
But I think this can serve only one user at a time.
What if a second user requests the home page and that changes the global variable, making it impossible to validate the first user?
You can tackle the problem with Django Session.
In the home view you can set variables with:
request.session['variable_name'] = variable_value
You can access these variables in the result view with:
request.session['variable_name']
After the job is done you can also delete the session variable with:
del request.session['variable_name']
I'm trying to extract the values of a Select field, from a JSON file that houses the translations. The problem is caused by the get_locale() function, which can only be called within 'context.'
This is the form select-field:
brand = SelectField(choices=generate_brands(get_locale()),validators=[Optional()])
Is there a way to load this specific field only when called inside of a view when the request variable is available?
If I understood correctly, you want to populate the SelectField depending on the language of the user. There are several ways to have a dynamic SelectField; see Oleg's answer for a good example: https://stackoverflow.com/a/48236887/11405279
I'm creating an app. It has a ManyToMany field to store data about classes and students.
i'm creating a app.it has manytomany field to store data about class and students.
urls.py
url(r'^class/(?P<title>[-\w]+)/(?P<id>[\d]+)/', views.list, name='list'),
Basically one user (Teacher) can create many class_rooms. Each class_room has one title and many students following that class.
The problem is:
Each class_room has a unique URL, e.g. (mywebsite.com/science/88/). This link should be accessible only to following students, not to anonymous users. This is a loophole: if any non-following student tries some random URL like this, they could see the page (mywebsite.com/maths/2500/).
How can I restrict a student from accessing a page which he is not following?
The UserPassesTestMixin mixin can be used to this effect. Basically, write a View class that implements the test_func function. This function has access to self, so you can read the URL and the user. If test_func returns True, the user is allowed to go on; otherwise the request is passed to access control (probably redirected to the login form if configured).
I want to create a "Sign up for our newsletter" pop up that has a "No thanks" button.
I want Django to remember that the user clicked the "No thanks" button.
What I know is that sessions/cookies are set in their respective views. I see examples on StackOverflow of them set in the home/index view. What if the user visits a different page? Then the session variable won't be set unless they visit that one page.
I'd like for the same variable set regardless of what page they view.
Once a session variable is set, it is set across your whole app. If you have access to the request, you get it like this:
request.session['idempresa']
You set it once in a view (or in some middleware) and it's available anywhere you have access to a request. That's how HTTP sessions work.
I'm using Eve framework and I'm trying to use User-Restricted resource access as described in:
http://python-eve.org/authentication.html#user-restricted-resource-access
I'm doing something like:
class CustomAuth(TokenAuth):
    def check_auth(self, token, allowed_roles, resource, method):
        # Get user as an instance of UserResource.
        if user and hasattr(user, 'id'):
            self.set_request_auth_value(user['id'])
            request.authenticated_user = user
        ...
So, there are a few questions from my side:
Is it enough for using User-Restricted Resource Access?
How is this field added to user-created objects?
Is this additional field called id in my user-created objects? Is it possible to rename it?
As I understand it, it should be named the same as it's called in the User resource. Is that true?
Does this field (property) apply to newly created objects only? Is it possible to fetch objects previously created by the current user this way?
Well, I want to know the answers to my questions and clarify how it may be used.
Is it an expected way to extract it somehow in my hooks?
user_id = current_app.auth.get_request_auth_value()
current_app.data.driver.session.query(resource).find({'id': user_id})
Is this block of code from a hook expected?
How does it behave if my requested resource has its own id field?
P.S. I was reading a post:
https://stackoverflow.com/a/35654252/7335432
The user-restricted access feature prevents users from accessing records they didn't create. The set_request_auth_value() method does:
1) Upon making a POST request to create a record, it automatically adds a field specified as AUTH_FIELD (or auth_field if you only want to do it to a specific resource). So for example, if you declare in settings.py
AUTH_FIELD = "my_auth_field"
and then add
set_request_auth_value(user['id'])
to your authentication method, that means that your app creates a field "my_auth_field" that has its value set to whatever user["id"] is. So if you were to go into Mongo Compass or some other DBMS and manually inspect your records, you'd see a "my_auth_field" field in there.
2) On GET requests when you access those records, Eve checks the "my_auth_field" value against whatever user["id"] is, and only displays the records where "my_auth_field" is equal to user["id"]. Since this field is added automatically when you create a record using Eve, it effectively filters out everything that specific user didn't create.
So yes, it only applies to newly created objects. I'm not sure exactly what you mean by "is it enough", but it doesn't look like 'user' is declared anywhere in your authentication class. You might wanna check out this tutorial they do incorporating user restricted access into token authentication.
I would like to set the value of a field in multiple rows of Django Admin.
For example if I had database of books with shelf locations I might move several books to another shelf. I need a way, within Django Admin, to input the new shelf location and update the multiple selected items.
I have seen that you can run Admin Actions but I need an easy way to input a value into the action.
You can do this with admin actions, by providing an intermediate page with a form to input the value you want:
https://docs.djangoproject.com/en/1.8/ref/contrib/admin/actions/#actions-that-provide-intermediate-pages
Alternatively you could use some client-side scripting to collect the value from the user and append it to the querystring (or as an extra input field in the POST data) when submitting the admin action form.
Your admin action function receives the request object as an argument so has access to the extra GET/POST fields:
https://docs.djangoproject.com/en/1.8/ref/contrib/admin/actions/#adding-actions-to-the-modeladmin