Malcolm Tredinnick wrote:
> On Wed, 2006-10-11 at 22:45 -0500, Patrick J. Anderson wrote:
> [...]
>> Thanks for your comments, Malcolm. I realize that a determined person
>> could submit an altered form and edit other profiles.
>>
>> I guess this is not a Django-specific question, but what would be the
>> best way of preventing that from happening?
>
> You already know what you want the original value to be (False). So set
> it explicitly to False in the view prior to saving it upon creation.
> There is no need for the user's input to be involved for that attribute
> at all, so don't include it in the form.
>
> Regards,
> Malcolm
>
>
>
> >
>
Here's my wrapper for update_object view:
def edit_profile(request):
if not request.user.is_authenticated():
return HttpResponseRedirect('/community/login/')
from django.views.generic.create_update import update_object
from my_project.apps.community.models import Member
return update_object(request,
model = Member,
object_id = request.session['member_id'],
login_required = True,
template_name="community/profile_form.html",
)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---
