Wednesday, November 23, 2011

Re: Django : CSRF and variable handling in a view

Thanks again, Indeed that is nice to know !

Unfortunately I guess I'm still bound to use
request.user.is_authenticated() in my view in this case :

def index(request):
if request.user.is_authenticated():
return render_to_response('index.html',
{'has_account': True})
if request.method == 'POST':
form =
SignupForm(request.POST,error_class=DivErrorList)
if form.is_valid():
return HttpResponseRedirect('/thanks/')
else:
form = SignupForm()
return render(request,'index.html', {'form': form})

If I don't check anywhere in the view if a user is authenticated, he
can still use the form to post data and my goal is that if a user is
authenticated he can't ( in the template if a user is authenticated it
doesn't display the form ).
I'm aware that it kind of defy the DRY principle because I have to
check both in the view and in the template if a user is authenticated
but I haven't found another way :(

In this perspective is it still better at the beginning of my view to
put :

if request.user.is_authenticated():
return render(request,'index.html')

which will pass the whole requestcontext and check in the template :
{% if user.is_authenticated and user.is_active %}

or not pass the whole context like so :

if request.user.is_authenticated():
return render_to_response('index.html',
{'has_account': True})

and check in the template {% if has_account %}. I wonder because it
may be useless here to pass the whole requestcontext and it uses the
same amount of code to write both solutions. What do you think ?

Thanks,
Nolhian

On Nov 23, 2:31 pm, Ivo Brodien <i...@brodien.de> wrote:
> no problem.
>
> > I also pass has_account=True in the view if the user is authenticated.
>
> in this case in your template you can just do:
>
> {% if user.is_authenticated and user.is_active %}
>
> That is the advantage of using RequestContext.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

No comments:

Post a Comment