> The easiest fix I can think of would be to put a hidden field in your > form that holds the id of the current user. This will put a 'user' > entry into your form data, which will allow the create/update generic > views to submit without error.
I definitely do not want to do this for security reasons. Just because it's hidden doesn't mean someone can't write a script to POST to my page with any user_id they want. And then I ask, what is the point of passing the generic view an object_id? Is there a better way to approach this problem? My code isn't set in stone, I'm ready and willing to learn to do it the right way. It makes sense in my head, but Django isn't following the same logic as I. > Another option would be to use the 'follow' argument in the > create/update generic views: this argument describes which attributes > of an object will be represented as field data; if you list the > attributes that _are_ present as fields, but exclude 'user', then the > error should go away. However, this assumes that UserProfile.user > is/will be assigned at some other time. I'm not sure I understand the 'follow' argument. I will look into it in the documentation. The UserProfile.user should already be populated. Afterall, a user is updating an existing UserProfile. Thanks for the feedback, Grant --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---
