That would be an option as well indeed. In fact i have 1 (base)-form for the model that i subclass for create, read and update operations. The difference is that create and update have a submit button, read doesn't, and in the read view, the fields are read-only.
The website becomes authenticated using a background process, the idea is that as soon as it becomes authenticated the url cannot be changed any more. I have tested with readonly=True which works correctly apart from the fact that i don't think it's safe to only make the field readonly, i want to add some logic in the post-logic as well (so for example using custom validation). A simpler alternative is to remove the 'update' button altogether, but also in this case the view should also throw a 404 or 500 just in case someone manually modifies the url.... (which is by the way very easy to do so). Paul Op maandag 30 juli 2012 00:00:48 UTC+2 schreef Kurtis het volgende: > > Just to get some more information about the problem; Do you allow your > users to initially insert the Name+URL? When does this become > "authenticated"? > > Maybe you could have two forms. One that allows users to add new Name+URL > Objects (not sure what your object/Model is called) and another to allow > them to edit (Using Django's 'fields' meta attribute to limit them to only > modify the "Name" of the object) > > On Sun, Jul 29, 2012 at 5:47 PM, Paul wrote: > >> I have a model for Websites that has 3 fields: name, url and >> authenticated. With a form both the name and url can be changed, but when >> the website is authenticated i don't want to allow that the url changes. >> >> I'm thinking about making the url (form) field readonly but in html the >> field becomes still an input field (just with readonly="True"), so i have >> doubts whether hackers will be able to post a changed value anyhow (i'll >> need to test this). >> >> Another approach is to add some custom form validation against the >> (current) model, but i have doubts whether validation is the solution for >> this? >> >> Thanks for any directions >> Paul >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/django-users/-/urE06kkuNBIJ. >> To post to this group, send email to django-users@googlegroups.com. >> To unsubscribe from this group, send email to >> django-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/django-users?hl=en. >> > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/xn9xV2ukteUJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
