ahh okay,
then I simply create two model forms.
class CreateURLForm(ModelForm):
class Meta:
fields = ('url', 'name') # This will restrict the user to only
modifying this data
model = URLModel # Or whatever your model is called
class UpdateURLForm(ModelForm):
class Meta:
fields = ('name',) # Restrict user only to modifying the name
model = URLModel
On Mon, Jul 30, 2012 at 5:00 PM, Paul <pee...@gmail.com> wrote:
> That would be an option as well indeed. In fact i have 1 (base)-form for
> the model that i subclass for create, read and update operations. The
> difference is that create and update have a submit button, read doesn't,
> and in the read view, the fields are read-only.
>
> The website becomes authenticated using a background process, the idea is
> that as soon as it becomes authenticated the url cannot be changed any more.
>
> I have tested with readonly=True which works correctly apart from the fact
> that i don't think it's safe to only make the field readonly, i want to add
> some logic in the post-logic as well (so for example using custom
> validation).
>
> A simpler alternative is to remove the 'update' button altogether, but
> also in this case the view should also throw a 404 or 500 just in case
> someone manually modifies the url.... (which is by the way very easy to do
> so).
>
> Paul
>
>
>
> Op maandag 30 juli 2012 00:00:48 UTC+2 schreef Kurtis het volgende:
>>
>> Just to get some more information about the problem; Do you allow your
>> users to initially insert the Name+URL? When does this become
>> "authenticated"?
>>
>> Maybe you could have two forms. One that allows users to add new Name+URL
>> Objects (not sure what your object/Model is called) and another to allow
>> them to edit (Using Django's 'fields' meta attribute to limit them to only
>> modify the "Name" of the object)
>>
>> On Sun, Jul 29, 2012 at 5:47 PM, Paul wrote:
>>
>>> I have a model for Websites that has 3 fields: name, url and
>>> authenticated. With a form both the name and url can be changed, but when
>>> the website is authenticated i don't want to allow that the url changes.
>>>
>>> I'm thinking about making the url (form) field readonly but in html the
>>> field becomes still an input field (just with readonly="True"), so i have
>>> doubts whether hackers will be able to post a changed value anyhow (i'll
>>> need to test this).
>>>
>>> Another approach is to add some custom form validation against the
>>> (current) model, but i have doubts whether validation is the solution for
>>> this?
>>>
>>> Thanks for any directions
>>> Paul
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To view this discussion on the web visit https://groups.google.com/d/**
>>> msg/django-users/-/**urE06kkuNBIJ<https://groups.google.com/d/msg/django-users/-/urE06kkuNBIJ>
>>> .
>>> To post to this group, send email to django-users@googlegroups.com.
>>> To unsubscribe from this group, send email to django-users+unsubscribe@*
>>> *googlegroups.com <django-users%2bunsubscr...@googlegroups.com>.
>>> For more options, visit this group at http://groups.google.com/**
>>> group/django-users?hl=en<http://groups.google.com/group/django-users?hl=en>
>>> .
>>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/django-users/-/xn9xV2ukteUJ.
>
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
