Folks
I need to get my users to submit a form, the result of which is a an
update of one column of one row of my database table. For security
reasons the Django database user only has privileges to update a
single column of this table (and select privs on the rest).
However, when I submit the form, I note that the database UPDATE
command that was received updated ALL columns except the primary key,
which was used in the WHERE clause.
Here is some very simple Form code (I'm new to Forms, so bear with
me... Thanks for your help Shawn...)
class TcsDetectionListsForm(forms.Form):
name = forms.CharField()
def candidateWithForm(request):
detectionListRow = TcsDetectionLists.objects.get(pk=0)
if request.method == 'POST':
form = TcsDetectionListsForm(request.POST)
if form.is_valid(): # All validation rules pass
detectionListRow.name = form.cleaned_data['name']
detectionListRow.save()
else:
form = TcsDetectionListsForm(initial={'name':
detectionListRow.name })
Here's what happened in the database (from the DB log):
223592 Query UPDATE `tcs_detection_lists` SET `name` = 'rubbish',
`description` = 'Bad Candidates' WHERE `tcs_detection_lists`.`id` = 0
We shouldn't be updating the 'description' column.
If my security settings were in place, the above query would fail,
because the Django DB user only has update access to the 'name' column
for this table.
The actual table that will be updated eventually has a much larger set
of columns, with lots of doubles & floats. I really don't want to be
re-writing the entire row and I really don't want to have to resort to
raw SQL. Any ideas (preferably with an example)?
Cheers,
Ken
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
