|
That's interesting. Can you give me an example of such a query set, model manager or mixin that would handle this? The app I'm building sometimes traverses relationships 3-4 levels deep for ownership, maybe more on some off occasion unless I choose to denormalize a bit later on. I would rather provide selectable choices that can only be fed back to the app without worrying about manually validating ownership on the way back in via POST. Not to mention that many of my forms don't match up well with models. Where I am trying to provide simple single form input that might hit 3 or 4 models on a single atomic transaction during a create or update. Ahz fucked around with this message at 14:50 on Mar 16, 2014 |
# ? Mar 16, 2014 14:48 |
|
|
# ? Jun 5, 2024 23:52 |
|
Ahz posted:That's interesting. Can you give me an example of such a query set, model manager or mixin that would handle this? I'm not at my dev PC right now, but roughly something like Python code:
I think the basic idea works however complex your forms are as somewhere, somehow you're looking up objects, so wherever you're getting the queryset you just make sure to pass in the filter for the owner. In the example of using a validator on the form to make sure it's a valid object...I don't think you'll need that as the user won't have access to a queryset of objects they don't own so if they try deleting something that's not in the queryset they'll get back a field error. So, basically, how this works is you make sure your models all have the owner field, and slap this mixin on your CBV's.
|
# ? Mar 16, 2014 16:32 |
|
I am doing a project just now involving Django and have ran into some trouble. I have a view that deals with users using Bing searches on a certain page, like topics/Python/ (lets call this Page A) To do this search, I do it from this page and POST it to this same page also. I have a page that shows web query history, for example, topics/Python/History (lets call this Page B) When I try to POST from the History page (to re run a previously searched term) to the search page then it works, but, it doesn't render Page A when its finished. It just sits on Page B. I know that the POST triggers the view properly, the same view that is used for Page A, and it gets right down to the end when I return render_to_response(blah Page A) but then it doesnt actually render it When I do a search normally, while sitting on Page A, it renders fine I have a live version of my work in progress just now and could show that if it owuld helpt. I can also post code but there is so much that it would be hard to quarentine and was just wondering if this was obvious to anyone I am doing the POST from the History page using a button that has some javascript attached
|
# ? Mar 17, 2014 00:17 |
|
Thermopyle posted:I'm not at my dev PC right now, but roughly something like Thanks, I guess I don't understand or I didn't see anything in the CBV documentation about restricting input for forms against the choices/queryset that came in. Is there an automatic function or process that I'm not catching that disallows a malicious user from tampering with a form to input their own id's or other identifiers in a form aside from those returned in a set?
|
# ? Mar 17, 2014 19:01 |
|
Ahz posted:Thanks, The get_object() method checks for the pk in the queryset returned by get_queryset(). If you've overridden get_queryset() to return a queryset filtered by user, it doesn't matter if the client POSTs a pk you don't want them to...if it's not in the queryset returned by get_queryset(), then get_object() will raise a 404. Of course, I don't know if that's explicitly stated anywhere in the docs...the CBV documentation isn't that great. I don't even know if it's possible to write great documentation for the CBV system as it's so flexible. The best documentation by far is http://ccbv.co.uk and that still requires a lot of going back and forth and re-reading to grok.
|
# ? Mar 17, 2014 20:06 |
|
Ahz posted:Thanks, Disallowing choices in a form != disallowing choices in a view. If you need to disallow choices in a form, pass in the user (assuming that's how you're filtering choices) and then override the choices queryset for the given field). You'll want to pop the user off before you super(). code:
code:
EDIT: Or, if you set up a custom QuerySet and ModelManager, that last line might be something like code:
MonkeyMaker fucked around with this message at 21:56 on Mar 17, 2014 |
# ? Mar 17, 2014 21:00 |
|
MonkeyMaker posted:Disallowing choices in a form != disallowing choices in a view. This is all great, thanks. But I still don't see how these CBVs disallow someone taking a form list of values of let's say employee id/pk's (already queried just to include their own business's employees) and maliciously submit another company's id/pks to remove employees from the system during a POST on 'employee deleter view' or whatever. A malicious user can disregard their form choices and just send any old garbage data and it could still compromise the system even if it makes it past the default form validation methods for format/sql injection checking. e.g. bad user sees select box of employees to delete or 'fire' emp.ids 1-10. Bad user submits emp.id 12 just for fun and deletes some other business's emp.id. Now I already build input validation into the form, but I had the impression from you two that somehow CBV's can already counter that kind of bad input already. I am really just starting to get my head wrapped around CBVs.
|
# ? Mar 17, 2014 23:37 |
|
Ahz posted:This is all great, thanks. No, they can't. DeleteView uses a form, which must pass validation, for what to delete. Same with CreateView and UpdateView. Since your form sets the available choices out of any band that the submitter has access to, their new selections won't be part of the available choices and the form will fail validation. It's not the CBVs that make this work (as you can do all of this in an FBV too), it's the forms and controlling querysets. If my UpdateView's queryset only contains items related to the user, and they try to edit something not in that queryset, Django will throw a 500. If the form they submit doesn't validate, Django won't continue with saving it or moving past it.
|
# ? Mar 17, 2014 23:57 |
|
Well that is just fantastic. It's a good thing I didn't waste much time on more validators then.
|
# ? Mar 18, 2014 00:13 |
|
Ahz posted:Well that is just fantastic. It's a good thing I didn't waste much time on more validators then. You're using a framework for a reason Let it do the work for you
|
# ? Mar 18, 2014 00:20 |
|
(Yay double posting) Just put out version 1.0 of django-heythere. It's a pretty straightforward app to provide you with notifications for users. They can be sent through email or you can just show them on the site, up to you. There's nothing in the app for per-user configuration of "show me notifications of type X but not type Y" (that's up to you) but you can have multiple notification types and each of them can decide whether or not to send emails, disappear once they're read, etc.
|
# ? Mar 18, 2014 21:53 |
|
I'm trying to combine jQueryUI with Django, and I think the only problem so far is linking to the images. In a non-Django page I put the images folder next to jquery-ui.css and all is peachy. In Django I have the requisite static folder with the same, but the images don't show and it doesn't report any errors in the console. How do I solve this?
|
# ? Mar 23, 2014 12:26 |
|
Static folders are always irritating to me. Do you have the static stuff in settings.py set up? In other news, I finally broke down and made real unit tests for class based views on the project I'm working on. If you're unaware, the django test client doesn't really do unit tests. Since it hits all sorts of points in the Django framework its really doing integration tests. This post describes how to do actual unit tests. Thermopyle fucked around with this message at 17:32 on Mar 23, 2014 |
# ? Mar 23, 2014 17:30 |
|
Thermopyle posted:Static folders are always irritating to me. Do you have the static stuff in settings.py set up? I feel like a complete moron. I copied code:
|
# ? Mar 23, 2014 17:49 |
|
Does anyone have any ideas about an alternative to django-storages + boto + Amazon S3 support for Python 3? I'm not sold on S3, I just need something that will work with Django and Python 3 for serving static files for a Heroku-hosted app. Every god drat time I decide to give Python 3 a go, some library I need isn't supported. I forgot (my fault entirely) I would need this at the beginning of this project and didn't check out django-storages Py3k support. Now I've got a bunch of time invested in a Python 3 codebase and apparently django-storages won't work. Color me frustrated.
|
# ? Mar 24, 2014 02:12 |
|
Thermopyle posted:Does anyone have any ideas about an alternative to django-storages + boto + Amazon S3 support for Python 3? I'm not sold on S3, I just need something that will work with Django and Python 3 for serving static files for a Heroku-hosted app. From what I understand, it's boto that's not Py3k-compatible. I know Daniel Lindsley was working on boto but not sure if he was focused on Py3k or not (I can ask when I see him at PyCon) but I'm sure they'd welcome any pull requests you can send them. I don't know of any alternatives, though. Sorry.
|
# ? Mar 24, 2014 03:10 |
|
MonkeyMaker posted:From what I understand, it's boto that's not Py3k-compatible. I know Daniel Lindsley was working on boto but not sure if he was focused on Py3k or not (I can ask when I see him at PyCon) but I'm sure they'd welcome any pull requests you can send them. Reading the comments here, it looks like it's not a big priority for boto. I'm hoping I don't have too much trouble converting back to Python 2.7. I think I'm swearing off of Py3k for another year.
|
# ? Mar 24, 2014 04:39 |
|
Thermopyle posted:Reading the comments here, it looks like it's not a big priority for boto. I asked our python team for you and they said: """ Indeed, point him to this: http://whitenoise.evans.io DJ-Static doesn't support Python 3 yet, and since this project so so beautifuly robust, it will likely start simply deferring user to this """
|
# ? Mar 24, 2014 04:42 |
|
Has anyone got any experience with https://github.com/holgerd77/django-dynamic-scraper ? It looks almost perfect, except that it seems designed just to scrape into a single model, eg an Article with a heading and body, but not a model with a foreign key, eg an Article with an Author field (along with a body and heading) Does anyone know if it can do both?
|
# ? Mar 24, 2014 08:47 |
|
Pardot posted:I asked our python team for you and they said: Oh, nice, thanks for looking in to that. What's the recommended solution for MEDIA_ROOT and MEDIA_URL? That is, user-uploaded files?
|
# ? Mar 24, 2014 15:51 |
|
Thermopyle posted:In other news, I finally broke down and made real unit tests for class based views on the project I'm working on. If you're unaware, the django test client doesn't really do unit tests. Since it hits all sorts of points in the Django framework its really doing integration tests. This post describes how to do actual unit tests. I have coworkers who complain about the same thing and all it ever results in them writing a bunch of unit tests where they mock the return value of a function, and then check that their view returns that return value that they mocked. And then they don't write the integration tests that actually check that the framework works the way they expect it to, so their code doesn't actually work or breaks when they make a trivial change to another layer. The whole thing seems borne out of this weird pedantry that doesn't really result in any actual code improvement. If 100% of your code is dealing with a complicated framework that hides a ton of magic, you might as well test the magic while you write your code, regardless of whether it's an 'integration' or 'unit' test.
|
# ? Mar 24, 2014 23:27 |
|
evensevenone posted:I have coworkers who complain about the same thing and all it ever results in them writing a bunch of unit tests where they mock the return value of a function, and then check that their view returns that return value that they mocked. That's certainly a danger of all sorts of unit tests. I usually want to test an overriden get_queryset or get_context_data. Given the method espoused in that link I shared (scroll down to the section "Mimic as_view()", it's easy to instantiate a view and test just your one overridden method. Not the least of the benefits is that tests run a lot faster.
|
# ? Mar 24, 2014 23:48 |
|
Thermopyle posted:That's certainly a danger of all sorts of unit tests. You can always check `response.context` to test your overridden `get_context_data`. And `assertQuerysetEqual` would test the overridden `get_queryset`, wouldn't it?
|
# ? Mar 25, 2014 17:15 |
|
MonkeyMaker posted:You can always check `response.context` to test your overridden `get_context_data`. And `assertQuerysetEqual` would test the overridden `get_queryset`, wouldn't it? (All these following make it sound like I'm more confident than I actually am. I'm more like playing devil's advocate, except I kind of agree with the viewpoint...though I'm not positive it's right.) Yeah, it's definitely possible to test your overridden methods with the Django test client. You just can't test them in isolation, which I find extremely valuable for speedy tests and refactoring support. It's kind of like, you can can test your overridden methods with Selenium too, it's just a higher level of abstraction than what is useful. Or, rather, it's not the only level of abstraction that is useful. I certainly wouldn't say you shouldn't use the Django test client, I'd just say that if you want to do actual unit tests in addition to integration tests (which is a good idea probably), it's possible. Not only is it possible, it's actually really easy, so you're not losing much of anything by implementing it. It looks like this may make it in to core Django.
|
# ? Mar 25, 2014 20:13 |
|
I'm not arguing against real unit tests for Django views, I just think, for most people and most applications, it's probably enough to do integration tests and call it a day.
|
# ? Mar 25, 2014 21:12 |
|
I hear you Thermopyle, especially cause I'm trying to set up a test rig for a front end web application, isolating components as much as possible for easier testing. The less layers of abstraction your tests are working through, the easier it is to see what failed the test and then immediately fix the problem. Sure you can test higher and higher, but it just means there's many more layers to investigate when an error comes up. Unit tests are usually pretty easy to create if the code they're testing is set up for it, and it compliments the broader integration tests that the test client is suited for. edit: but yeah, there is that too MM. I know if I'm just assembling off the shelf components with dumb as rocks views just using Django Rest Framework or something, I don't feel like there is a lot of testing that should be done beyond making sure JSON in and JSON out are behaving as they should.
|
# ? Mar 25, 2014 21:15 |
|
I'm in a similar position to Thermopyle in that I believe that all external code should be mocked wherever possible, so using factory-boy or similar (not fixtures, never fixtures) to mock the ORM. But I also dont think you can test a view properly by mocking things. Middleware, stupidly designed url confs (hello django-cms) etc will all conspire to ruin your day. Speaking as someone currently stuck upgrading a monster, mostly untested code base from django14 to django16, EVERY view needs, at a bare mininum: This view returns a 200 reponse if X. This view returns a non-200 response if Y. and This view uses the right loving URL.
|
# ? Mar 26, 2014 10:02 |
This is a really basic/naive question, but what's the best practice for incorporating multiple views on the same page? For example, let's say I'm trying to recreate a dashboard similar to this: http://wrapbootstrap.com/preview/WB0P7N378 Do I create a function-based view that calls multiple functions to create a single context object that can populate all data tables/charts on the page? Start with a class-based view that covers most of the required data (e.g., listview, detailview) and use get_context_data to update the context object? All output pages would contain data from multiple applications and models. Any open source projects that would be helpful to reference that are heavy on data visualization? D3.js and related django wrappers like nvd3 the best way to go?
|
|
# ? Mar 27, 2014 02:30 |
|
KingNastidon posted:This is a really basic/naive question, but what's the best practice for incorporating multiple views on the same page? For example, let's say I'm trying to recreate a dashboard similar to this: http://wrapbootstrap.com/preview/WB0P7N378 This is where custom template tags, especially inclusion tags, start to make a lot of sense.
|
# ? Mar 27, 2014 16:43 |
|
Will I get shouted at for suggesting that the best solution for a dashboard like that is a Django REST backend and an angularjs front end?
|
# ? Mar 27, 2014 17:08 |
|
KingNastidon posted:This is a really basic/naive question, but what's the best practice for incorporating multiple views on the same page? For example, let's say I'm trying to recreate a dashboard similar to this: http://wrapbootstrap.com/preview/WB0P7N378 Personally, I think I'd start out with TemplateView and then in get_context_data drop what I needed into the context. Then do what you want in the template. edit: NtotheTC posted:Will I get shouted at for suggesting that the best solution for a dashboard like that is a Django REST backend and an angularjs front end?
|
# ? Mar 27, 2014 17:08 |
|
NtotheTC posted:Will I get shouted at for suggesting that the best solution for a dashboard like that is a Django REST backend and an angularjs front end? This is probably the best answer (sub favorite JS framework for Angular if needed) if you don't have to have an "OMG ONLY DJANGO" site.
|
# ? Mar 28, 2014 00:37 |
|
I've just basically bruteforced my way into ajax-posting and then also showing what's been done on the page with jQuery. This is better than videogames! At least to me it sounds like bruteforcing: typing my associations with what seems to be broken into Google and copy-pasting results until it worked (to exaggerate somewhat).
|
# ? Mar 31, 2014 00:24 |
|
I'm looking at creating an intranet page of sorts, that needs to be able to auth users against AD, read data from a DB and create .docx documents using, in part, information provided by users via forms on the intranet page. At the risk of being laughed off this planet, I'm not a professional coder, having pretty much done just CodeAcademy python and have a few reference books at home. Would Django be the right place for me to start?
|
# ? Mar 31, 2014 04:18 |
|
Muslim Wookie posted:I'm looking at creating an intranet page of sorts, that needs to be able to auth users against AD, read data from a DB and create .docx documents using, in part, information provided by users via forms on the intranet page.
|
# ? Mar 31, 2014 09:32 |
I wrote a python script for my Django app that is intended to be scheduled as a cron job. What folder should this file live in? Or should it be a Custom management command? edit: and a followup question since I think a custom admin command is the right answer: My admin command uses self.stdout.write, but it calls other methods that use logger.info('butts'). Can my custom admin command adjust the logger config so those messages are included if they are called by the admin command? fletcher fucked around with this message at 02:38 on Apr 1, 2014 |
|
# ? Apr 1, 2014 01:53 |
|
fletcher posted:I wrote a python script for my Django app that is intended to be scheduled as a cron job. What folder should this file live in? Or should it be a Custom management command? Management command is the correct assumption. As for your follow up I wrote a utility function that writes both to the logger and/or to stderr/stdout depending on the production status of the server, or a keyword argument.
|
# ? Apr 1, 2014 05:57 |
Awesome, thanks for the tip! Is there any way to get the test database to stick around after a failed run? I wanna poke around in the data to diagnose why it failed.
|
|
# ? Apr 2, 2014 20:08 |
|
fletcher posted:Awesome, thanks for the tip! I don't know about that, but I generally like to get knee deep in it with ipdb. You can use it to pinpoint the exact point of failure and use django's orm directly rather than the db.
|
# ? Apr 2, 2014 20:23 |
|
|
# ? Jun 5, 2024 23:52 |
From the Model.clean docs:quote:This method should be used to provide custom model validation, and to modify attributes on your model if desired. For instance, you could use it to automatically provide a value for a field So I've got: Python code:
code:
|
|
# ? Apr 5, 2014 01:00 |