Re: Hidding form field based on logged on user

Sun, 28 Sep 2008 06:10:34 -0700 

Paddy Joy wrote:
> I have a model with a 'User' foreign key.
>
> class Domain(models.Model):
>       .
>         owner = models.ForeignKey(User)
>
> I have a requirement to only allow superuers to change the 'owner'
> field.
>
> I can do this by creating two model forms and excluding the 'owner'
> field from one:
>
> class DomainForm_superuser(ModelForm):
>         class Meta:
>                 model = Domain
>
> class DomainForm(ModelForm):
>         class Meta:
>                 model = Domain
>                 exclude = ('owner',)
>
> and then in my view I check if the current user is a superuser
>
> @login_required()
> def update_domain(request, domain_id):
>
>         d = Domain.objects.get(id=domain_id)
>
>         if request.method == 'POST':
>                 if request.user.is_superuser:
>                         form = DomainForm_superuser(data=request.POST,
> instance=d)
>                 else:
>                         form = DomainForm(data=request.POST,
> instance=d)
>
>                 if form.is_valid():
>                         form.save()
>                         return HttpResponseRedirect("/")
>         else:
>                 if request.user.is_superuser:
>                         form = DomainForm_superuser(instance=d)
>                 else:
>                         form = DomainForm(instance=d)
>
>         return render_to_response('domain_form.html', {"form": form},
> context_instance=RequestContext(request))
>
>
> This works but can anyone suggest a better/more efficient way of doing
> this?
>   

You could make your code slightly more readable by setting the form
class initially according to the user's type and then using it without
decisions lower down. This should work because the two forms have
exactly the same signatures:

@login_required()
def update_domain(request, domain_id):

    d = Domain.objects.get(id=domain_id)

    if request.user.is_superuser:
        formclass = DomainForm_superuser
    else:
        formclass = DomainForm

    if request.method == 'POST':
        form = formclass(data=request.POST, instance=d)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect("/")
    else:
        if request.user.is_superuser:
            form = formclass(instance=d)

    return render_to_response('domain_form.html', {"form": form},
        context_instance=RequestContext(request))

I've tried to adjust your code's indentation to 4-per-level, so pardon me if 
I've screwed up the logic at the same time. I find 8 spaces makes the code much 
more difficult to read (especially after being wrapped by an email client).

regards
 Steve




--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to