On 8/22/06, cyberco <[EMAIL PROTECTED]> wrote:
>
> I want to pass the user.is_superuser attribute through a form without
> enabling the user to edit it, so I use a hidden field. Like this:
>
> ====TEMPLATE=========
> <input type="hidden" name="is_superuser" id="id_is_superuser"
> value="{{userWrapperForm.is_superuser}}" />
> =====================
>
> Weird enough this results in the following HTML:
>
> =========HTML========
> <input type="hidden" name="is_superuser" id="id_is_superuser"
> value="<input type="checkbox" id="id_is_superuser"
> class="vCheckboxField" name="is_superuser" />" />
> =====================
>
> And when submitted the received new_data for is_super user is:
>
> ===NEW_DATA=========
> 'is_superuser': ['<input type=']
> =====================
>
> Could it be that the user attributes are not 'passable' in a
> FormWrapper?besides the bad syntax, that I didn't even checked :), you should never want to do that, that is a security hole, take the superuser state from the correct object, take a look at the authentication manual if you don't know how. Max -- -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L++>+++ E--- W++ N* o-- K- w++++ O- M-- V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+ z** ------END GEEK CODE BLOCK------ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
