un3*_*33k 8 django django-class-based-views
在Django的基于类的UpdateView中,我排除了用户字段,因为它是系统内部的,我不会要求它.现在将Django传递给表单的正确方法是什么.(我现在怎么做,是我将用户传递到表单的init然后覆盖表单的save()方法.但我敢打赌,有一种正确的方法可以做到这一点.像隐藏的领域或者那样的东西性质.
# models.py
class Entry(models.Model):
user = models.ForeignKey(
User,
related_name="%(class)s",
null=False
)
name = models.CharField(
blank=False,
max_length=58,
)
is_active = models.BooleanField(default=False)
class Meta:
ordering = ['name',]
def __unicode__(self):
return u'%s' % self.name
# forms.py
class EntryForm(forms.ModelForm):
class Meta:
model = Entry
exclude = ('user',)
# views.py
class UpdateEntry(UpdateView):
model = Entry
form_class = EntryForm
template_name = "entry/entry_update.html"
success_url = reverse_lazy('entry_update')
@method_decorator(login_required)
def dispatch(self, *args, **kwargs):
return super(UpdateEntry, self).dispatch(*args, **kwargs)
# urls.py
url(r'^entry/edit/(?P<pk>\d+)/$',
UpdateEntry.as_view(),
name='entry_update'
),
像传递隐藏字段一样黑客攻击是没有意义的,因为这真的与客户端无关 - 这个经典的"与登录用户关联"问题应该在服务器端处理.
我把这种行为放在form_valid方法中.
class MyUpdateView(UpdateView):
def form_valid(self, form):
instance = form.save(commit=False)
instance.user = self.request.user
super(MyUpdateView, self).save(form)
# the default implementation of form_valid is...
# def form_valid(self, form):
# self.object = form.save()
# return HttpResponseRedirect(self.get_success_url())
| 归档时间: |
|
| 查看次数: |
9250 次 |
| 最近记录: |