Hi!
Ah, ok. Now it makes a more sense - index was indeed confusing.
Well in your template I would just make the check and show the form or not.
If your don’t show the form, the user cannot make a POST to the signup view
since he does not have a valid CSRF token.
Anyway, if the user is logged in there should not be a Link to the signup page
and even if he enters the signup form url by hand, he will see no form.
Ah, and don’t worry about the RequestContext. I don’t think that it causes any
important amount of overhead. The processing was done anyways before, so its
just a matter of making it available to the template or not. And you will see,
that you will use it often in your templates.
Ivo
On Nov 24, 2011, at 14:25 , Nolhian wrote
> Hello,
>
> First of all thanks for your answer !
> I think that the name I gave "index.html" is causing confusion. In
> fact that's the first view I created and so the only template I have
> at the moment and I awkwardly named it index.html, It should be named
> signup.html or something like that. I'm not looking to handle log in
> and logout here, just making sure that a logged user cannot sign-up
> again ( which would be a nonsense and in my opinion a flaw ),this is
> my signup form view which is located at /subscribe/.
>
> Is it better with these explications or does the approach I'm taking
> still feel weird ?
>
> Nolhian
>
> On Nov 24, 1:37 pm, Ivo Brodien <i...@brodien.de> wrote:
>> DrBloodMoney is right, It is kind of odd how you are solving the problem but
>> it might me kind of right depending on what you are trying to do.
>>
>> Considering how most of the websites work you should do this.
>>
>> In all the templates include another template which does this:
>>
>> {% if not user.is_authenticated %}
>> LINK Login | Link Sign Up
>> {% else %}
>> Logged in as username | Link Logout
>> {% endif %}
>>
>> Logout, Login and Sign Up are handled by different urls/views and not the
>> index or any other view
>>
>> if you want to make a view available only to authenticated users, use the
>> @login_required decorator.[2]
>>
>> If you are using the provided django.auth system the views for login, logout
>> are already there. In the settings you can define some behavior.
>>
>> See the settings LOGIN_REDIRECT_URL, LOGIN_URL, LOGOUT_URL [1]
>>
>> [1]https://docs.djangoproject.com/en/1.3/ref/settings/#login-url
>> [2]https://docs.djangoproject.com/en/1.3/topics/auth/#the-login-required...
>>
>> On Nov 24, 2011, at 3:31 , Nolhian wrote:
>>
>>
>>
>>
>>
>>
>>
>>>> This seems all sorts of wrong to me. Why couldn't the user just log
>>>> out and then post? Seems like an odd workflow, but I don't know your
>>>> business-case here.
>>
>>> Yes the user can just log out and then post but since this is a sign-
>>> up form it would seem logical to not be able to sign-up if the user is
>>> logged in which means he already has an account.
>>
>>>> You could always control what is shown to the user in the template (to
>>>> limit their ability to use your form to post to the view) with
>>
>>>> {% if not user.is_authenticated %}
>>>> SHOW FORM
>>>> {% else %}
>>>> you're logged in so you can't post
>>>> {% endif %}
>>
>>> That's kind of what I'm doing but I still need to check somewhere in
>>> the view if the user is logged in. If I don't the user can open the
>>> sign-up form page, then open another page of the site and log in, then
>>> switch back to the sign-up form page, send the form ( which will be
>>> validated in the view since there's no checking if the user is
>>> authenticated or not there ) and successfully sign-up again WHILE
>>> being logged in. To be able to do that just seems wrong to me.
>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Django users" group.
>>> To post to this group, send email to django-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> django-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group
>>> athttp://groups.google.com/group/django-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
