Django community: Django Q&A RSS
This page, updated regularly, aggregates Django Q&A from the Django community.
-
Django | how can I let users edit thier own qustions
Well let's say that some user asked a question like me right now, how can I show only the question creator the option to edit and how to let him edit -
jqXHR doesn't give me XMLHttpRequest object
Hi I all i am building an application and currently using jquery ajax call. My ajax call looks like as following: $.ajax({ type: 'POST', xhr:function(){ var _xhr = new window.XMLHttpRequest() _xhr.upload.addEventListener('progress',function(event){ progressHandler(event); },false); console.log(_xhr) // this give me the exact XMLHttpRequest return _xhr }, url: window.location.href, data: formdata, processData:false, contentType:false, success:function(data,textstatus,jqXHR){ console.log(jqXHR) // This give me a normal object }, error:function(jqXHR,errortype,errorobj){ } }); The success function return me a normal object instead of XMLHttpRequest, but the xhr function return me the exact output which i need. Can anyone help me how to override the success jqXHR with the xhr function return value -
Forbidden (403) CSRF verification failed. Request aborted. Django + AngularJS
I'm running a Django v1.10.8 project. I have a form that's processed with AngularJS v1.5.6. I've put the project on a remote server that uses SSL, runs on HTTPS. When I try submitting my custom login form, I get this error: Forbidden (403) CSRF verification failed. Request aborted.. login_register.html login form here: <div ng-app="app" ng-controller="Ctrl"> <form method="post" name="loginForm" ng-submit="login()"> <fieldset ng-disabled="submittingForm"> <p> <input id="{{ login_form.username.id_for_label }}" type="email" name="{{ login_form.username.html_name }}" placeholder="Email" ng-model="login.email" required> </p> <p> <input class="form-control" id="{{ login_form.password.id_for_label }}" name="{{ login_form.password.html_name }}" placeholder="{% trans 'Password (8+ characters)' %}" type="[[[ login.showPW ? 'text' : 'password' ]]]" ng-minlength="{{ min_pw_length }}" ng-maxlength="{{ max_pw_length }}" ng-model="login.pw" required > </p> <button class="btn btn-primary" type="submit" ng-disabled="!login.email || !login.pw">{% trans "Log in" %}</button> </fieldset> </form> </div> login-register.js: var app= angular.module("app",[]); app.config(function($interpolateProvider, $httpProvider){ $interpolateProvider.startSymbol("[[["); $interpolateProvider.endSymbol("]]]"); $httpProvider.defaults.xsrfCookieName= "csrftoken"; $httpProvider.defaults.xsrfHeaderName= "X-CSRFToken"; }); app.controller("Ctrl", function($scope, $http, $window){ $scope.loginError= ''; $scope.login= function(){ $scope.submittingForm= true; $scope.loginError= ''; var formData= { "username": $scope.login.email, "password": $scope.login.pw }; $http.post( "login", JSON.stringify(formData) ).success(function(response){ if (response.success === false){ $scope.loginError= response.err_msg; $scope.submittingForm=false; return; } $window.location.href= GLOBAL_paths.home; }); }; }); Here's an excerpt my local_settings.py: SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True CSRF_COOKIE_HTTPONLY = True X_FRAME_OPTIONS = "DENY" SECURE_HSTS_SECONDS = 60 SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_BROWSER_XSS_FILTER = True SECURE_SSL_REDIRECT = True ... -
Handle parallel request in Django
I have created an API in DRF which accepts POST request with some data, It checks a value in Student table and creates data in DB if value is False and set the value to True(after creating the data). But when someone hits the API multiple time in parallel(let 20 requests in parallel), It creates multiple objects for user (Not 20 but more than 1) because multiple requests read the same value at same time and create the data. I want to process only one API call on same endpoint and same IP at a time. How can I achieve it? -
Attempting to connect to LDAP using django-python3-ldap but the target machine is actively refusing it
I am working on a django app and attempting to use django_python3_ldap to connect to my company's LDAP and AD. I followed the docs basic settings in my settings.py but when I try doing python manage.py ldap_sync_users I get this error LDAP connect failed: ('unable to open socket', [(datetime.datetime(2018, 5, 25, 12, 25, 36, 77877), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket connection error while opening: [WinError 10061] No connection could be made bec ause the target machine actively refused it',), ('::1', 389, 0, 0)), (datetime.datetime(2018, 5, 25, 12, 25, 37, 78809), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket connection error while opening: [WinError 10061] No connect ion could be made because the target machine actively refused it',), ('127.0.0.1', 389))]) CommandError: Could not connect to LDAP server Here is my settings.py file import os import ldap from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, NestedActiveDirectoryGroupType # Baseline configuration. AUTH_LDAP_SERVER_URI = "ldap://***.**.***.**" LDAP_AUTH_CONNECTION_USERNAME = 'usr@ab.com' LDAP_AUTH_CONNECTION_PASSWORD = '*******' # The LDAP search base for looking up users. LDAP_AUTH_SEARCH_BASE = "ou=people,dc=example,dc=com" # The LDAP class that represents a user. LDAP_AUTH_OBJECT_CLASS = "user" # Keep ModelBackend around for per-user permissions and maybe a local # superuser. AUTHENTICATION_BACKENDS = ( 'django_python3_ldap.auth.LDAPBackend', 'django.contrib.auth.backends.ModelBackend', ) DEBUG = True LDAP_AUTH_USE_TLS = False # User model fields mapped to ... -
how to display checkboxes depending on loaded entry of a model
I have a model named Publication that has several fields among them a field called tags, and I'm using for it django-taggit. I have a page that I display in it some entries of Publication model, I want to display (as checkboxes) on sidebar tags that used only in these entries. This is a portion of my code: class TagsForm(forms.ModelForm): tags = forms.ModelMultipleChoiceField( queryset=Tag.objects.all(), widget=forms.CheckboxSelectMultiple) class Meta: model = Publication fields = ['tags'] def __init__(self, *args, **kwargs): super(TagsForm, self).__init__(*args, **kwargs) if self.instance: entries = Tag.objects.all() self.fields['tags'].queryset = entries -
How to add constraint on model/serializers in django
I want to create a model to store information when a person's face shows up. The model is as below: class Face(models.Model):person = models.ForeignKey(Person, on_delete=models.CASCADE) class Log(models.Model):host=models.ForeignKey(Person, on_delete=models.CASCADE) face = models.ForeignKey(Face, on_delete=models.CASCADE) When I create a log, it can create a wrong one with a person having the face that does not belong to him. How can I fix that? Or how to put constraints in the model/serializer that let the face only link to the Face of the host -
Django/Jquery GET Request to download csv file
I am searching for python/jquery related answer but I havn't been lucky so far! I am trying to download csv file sent by a server via AJAX GET call. I am able to download it successfully via blocking-get request but I want to achive the same via ajax. Python/Django View header = None rows = [] for student in students: if not header: header = get_header() rows.append(header) rows.append([student.id, student.name, student.marks]) buf = StringIO() writer = csv.writer(buf) for row in rows: writer.writerow(row) response = HttpResponse(buf.getvalue(), content_type='text/csv') response['Content-Disposition'] = 'attachment' return response AJAX GET Request <script> $(document).ready(function () { $('#download-grades').on('click', function (event) { event.preventDefault(); var grades_csv_url = $(event.target).data().url $.ajax({ url: grades_csv_url, type: 'GET', // dataType: 'text/csv; charset=utf-8', success: function (response, status, xhr) { console.log('-') }, error: function (jqXHR) { console.log(jqXHR.responseText); // the response is always received in error not in success. } }); }); }) </script> Whats Next? I want to start downloading the file when the csv response is received. -
Django Inline form validation ignored partly filled form
I have got the code from https://github.com/adandan01/mybook, the code is working fine, even when I have updated it to Django 2. It's very simple project for adding a person in a form, and his/her relatives in the inline form. Everything works but when I add a relative name and forget to add his relationship, and submitted the form, unfortunately, that record will not pass the validation but will give no error messages as well. Django will ignore the entire record. For example, the record for Hawra in the image, will not be saved and Django will remove it. For this simple App there are only two fields to be filled (name and relationship), but I'm working on app with 8 fields, and it will be difficult to lose the data. is there any way to make django do the validation in the formset/subform as long as any fields have data and will ask the user to fill all required fields? models.py: class Profile(models.Model): first_name = models.CharField(max_length=100) last_name = models.CharField(max_length=100) created_date = models.DateTimeField(default=timezone.now) def get_absolute_url(self): return reverse('profile-update', kwargs={'pk': self.pk}) def __unicode__(self): return "%s %s" % (self.first_name, self.last_name) class FamilyMember(models.Model): profile = models.ForeignKey(Profile, on_delete=models.PROTECT) name = models.CharField(max_length=100) relationship = models.CharField(max_length=100) form.py class ... -
Complex Django permissions
I'm working with the following models in a django project. The effective relationship is that a District can have multiple Schools, a School can have multiple Students, and a Student may have multiple Cases. class District(models.Model): name = models.CharField(max_length=50) ... class Meta: permissions = ( ('view_district', 'Can view district') ... ) class School(models.Model): name = models.CharField(max_length=50) ... district = models.ForeignKey( District, on_delete=models.PROTECT, related_name='schools', related_query_name='school', ) class Meta: permissions = ( ('view_school', 'Can view school') ... ) class Student(models.Model): name = models.CharField(max_length=50) ... school = models.ForeignKey( School, on_delete=models.PROTECT, related_name='students', related_query_name='student', ) class Meta: permissions = ( ('view_student', 'Can view student') ... ) class Case(models.Model): name = models.CharField(max_length=50) ... student = models.ForeignKey( Student, on_delete=models.PROTECT related_name='cases', related_query_name='case', ) class Meta: permissions = ( ('view_case', 'Can view case') ... ) A user may be assigned: a specific case a specific student (which would include all cases for that student) a specific school (which would include all students for that school, and thus all cases for the students at that school) a specific district (which would include all schools for that district, all students that attend those schools within that district, and all cases for students that attend those schools within that district) Users (other ... -
Django + Activemq and long running connections in the Webserver
I have been using stomp.py and stompest for years now to communicate with activemq to great effect, but this has mostly been with standalone python Daemons. I would like to use these two libraries from the webserver to communicate with the backend, but I am having trouble finding out how to do this without creating a new connection every request. Is there a standard approach to safely handling TCP connections in the webserver? In other languages, some sort of global object at that level would be used for connection pooling. -
Adding field to form only if the model field is blank
I want to have a form that populates fields to edit only if they are left blank. For example: class UserEditConcert(forms.ModelForm): class Meta: model = models.Concert fields = ( 'genres', ) if not model.time: fields += ('time',) if model.age == "Unknown": fields += ('age',) Neither of my if statements are working. Is my syntax wrong or is this not working for some other reason? -
Django/Bootstrap template rendring
I'm currently coding a website using Django and Bootstrap. I created the templates and models first, and now, I'm implementing the controllers. All is not implemented yet, but I needed some help on this. I was wondering how to render a Django authentication form with the Boostrap grid system. I'm using Boostrap 4 and Django 2.0.4. My older form was like this : <div class="jumbotron"> <form class="form-horizontal" method="post" action="{% url 'login' %}"> {% csrf_token %} <div class="form-group"> <div class="col-lg-4 offset-lg-4"> <label class="control-label" for="usernameInput">{{ form.username.label_tag }}</label> <input id="usernameInput" type="text" name="{{ form.field.html_name }}" value="{{ form.username }}" class="form-control" placeholder="Username"> </div> </div> <div class="form-group"> <div class="col-lg-4 offset-lg-4"> <label class="control-label" for="passwordInput">{{ form.password.label_tag }}</label> <input id="passwordInput" type="password" name="{{ form.field.html_name }}" value="{{ form.field.value }}" class="form-control" placeholder="Password"> </div> </div> <div class="container" id="btn_login"> <button type="submit" class="btn btn-primary btn-md" value="login" role="button">Log in</button> <input type="hidden" name="next" value="{{ next }}"/> </div> </form> <span class="container" id="forgotten_password"> <a href="">Forgot your password ?</a> </span> </div> And here is the new one : <div class="jumbotron"> {% load widget_tweaks %} <form class="form-horizontal" method="post" action="{% url 'login' %}"> {% csrf_token %} {% for hidden_field in form.hidden_fields %} {{ hidden_field }} {% endfor %} {% if form.non_field_errors %} <div class="alert alert-danger" role="alert"> {% for error in form.non_field_errors %} {{ ... -
How To Add Session Variables with Built-In login view
I used the built-in login view that django makes but now I don't know how to set sessions when a user logs in. I was thinking of redirecting a user to a new view that would add these session variables but I don't see that as an ideal fix. Another question I have is: Can I use these session variables in my templates? If not, how would I get that data to the templates? -
Angular resetting csrf token
I'm using Angular 6 and having a hard time integrating Django's csrf with Angular's. I found in this thread that Django changes the token on login which, since I can both register and login using post requests with the same new session but not post anything after login seems to make sense. The question becomes how I go about resetting the csrf token on login. The way the csrf is handled now in my Angular app is shown in the below code for my app module: import { BrowserModule } from '@angular/platform-browser'; import { FormsModule, ReactiveFormsModule } from '@angular/forms'; import { NgModule } from '@angular/core'; import { HttpClientModule } from '@angular/common/http'; import { HttpModule, XSRFStrategy, CookieXSRFStrategy } from '@angular/http' import { AppComponent } from './app.component'; import { AppRoutingModule } from './app-routing.module'; import { RegisterComponent } from './register/register.component'; import { LoginComponent } from './login/login.component'; import { AlertComponent } from './_directives/alert.component'; import { ProfileComponent } from './profile/profile.component'; import { AuthGuardService } from './_guards/auth-guard.service'; import { AlertService } from './_services/alert.service'; import { AuthService } from './_services/auth.service'; import { UserService } from './_services/User.service'; @NgModule({ declarations: [ AppComponent, RegisterComponent, LoginComponent, AlertComponent, ProfileComponent, ], imports: [ BrowserModule, FormsModule, ReactiveFormsModule, AppRoutingModule, HttpClientModule, HttpModule ], providers: [ { ... -
python - django autentication - anonymous user after login
I have a django server which acts as an API (i.e. listens to requests and returns data ONLY), and I want this API to be accessible only to authenticated users. I read about the django authentication system, and tried to implement it according to the documentation (https://docs.djangoproject.com/en/2.0/topics/auth/default/). I wrote a small web-page just to test the authentication - login was successful (server was able to authenticate and login the user), but when attempting to reach a restricted view I have no access, and the request.user received is an AnonymousUser instead of the logged in user. I am using Python 3.6.5 and Django 2.0.4 Server code: @csrf_exempt def dologin(request): username = request.POST.get('username') password = request.POST.get('password') if not username or not password: return HttpResponse('missing username or password', status=400) user = authenticate(request, username=username, password=password) if user is not None: login(request, user) return HttpResponse(user) else: return HttpResponse('bad credentials', status=422) def dologout(request): logout(request) return HttpResponse('success') @login_required() def testAccess(request): return HttpResponse('ok') def checkUser(request): u = "anonymous" if not request.user.is_authenticated else request.user.username return HttpResponse(u) Client code: <label>username:</label> <input type="text" id="uin"/> <label>username:</label> <input type="text" id="pin"/> <button id="inbtn">login</button> <button id="outbtn">logout</button> <button id="test">test access</button> <button id="check">check user</button> <div id="res"></div> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js" type="text/javascript"></script> <script> $("#inbtn").click(function(){ u = $("#uin").val(); p = $("#pin").val(); ... -
related name in parent model in django if inherited in other model
I created a model which can be inherited in other models Parent Model class Edit_Lane_Info(models.Model): lane_info = models.OneToOneField(Edit_Lane, related_name="$(class)s", on_delete=models.CASCADE) def delete(self, *args, **kwargs): super().delete(*args, **kwargs) if self.lane_info: self.lane_info.delete() class Meta: abstract = True class Status (Edit_Lane_Info, models.Model): # parent class inherited ...... class Anpr(Edit_Lane_Info, models.Model): # parent class inherited .... class Sensor_Details(Edit_Lane_Info, models.Model): # parent class inherited ............. Now my question is how can I pass related_name in Edit_Lane_Info(parent model) uniquely -
Django backend with a javascript frontend - best practices
I stumbled upon google's material design web components ("https://material.io/") and would like to implement it in my projects. The only problem is that I've never used a javascript frontend before. Note: Google's Material Design is the successor of Material Design Lite. I received a recommendation to learn angular and implement Google's material design components through angular and have my frontend (angular) communicate with my backend (django) through an API. 1- Is this really the best way to proceed if only the web components are needed? Can we not just import the CSS and JS like we did with bootstrap and use Django/jinja to render views? 2- It seems like node.js / NPM is required to use angular and Google's material design, however, is that just during development? Or will we face complications when trying to deploy a django backend and javascript front end? -
Django Celery periodic task example
I need a minimum example to do periodic task (run some function after every 5 minutes, or run something at 12:00:00 etc.). In my myapp/tasks.py, I have, from celery.task.schedules import crontab from celery.decorators import periodic_task from celery import task @periodic_task(run_every=(crontab(hour="*", minute=1)), name="run_every_1_minutes", ignore_result=True) def return_5(): return 5 @task def test(): return "test" When I run celery workers it does show the tasks (given below) but does not return any values (in either terminal or flower). [tasks] . mathematica.core.tasks.test . run_every_1_minutes Please provide a minimum example or hints to achieve the desired results. Background: I have a config/celery.py which contains the following: import os from celery import Celery os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings.local") app = Celery('config') app.config_from_object('django.conf:settings', namespace='CELERY') app.autodiscover_tasks() And in my config/__init__.py, I have from .celery import app as celery_app __all__ = ['celery_app'] I added a function something like below in myapp/tasks.py from celery import task @task def test(): return "test" When I run test.delay() from shell, it runs successfully and also shows the task information in flower -
Overlay a toolbar over Cesium Viewer/Map
Hi I am trying to overlay a toolbar on the Cesium Viewer/Map but whenever I try to do the div class = toolbar like in the sandcastle example, the buttons or anything I add always shows up under the map. I want something like this: http://i.imgur.com/KKI2W5R.png Here's what I have so far: Index.html <html> <head> <title>Demo</title> </head> <body> {% load staticfiles%} <script src= {% static "js/Cesium.js" %} type="text/javascript"></script> <div id="cesiumContainer"></div> <div class="toolbar-left"> <button onclick="alert('You clicked!');">Click me!</button> </div> {% load static %} <link rel="stylesheet" type="text/css" href="{% static 'test/hello.css' %}" /> <script> var viewer = new Cesium.Viewer('cesiumContainer'); </script> </body> </html> -
Problems with Django REST framework filtering?
I have this problem while using the Django Rest Framework. I am trying to do a get request using patient id. Now, lets say I look for patientid=6, the api returns results with patientid=6 ,patientid=26 and any ids that contain the number '6'. It looks like it searches for a substring.I want to make it work such that patient id=6 returns only the patientid results with id =6 serializers.py class Radiologypdfserializerdata(serializers.ModelSerializer): class Meta: model = models.Radiologypdf fields = ( 'patientid', 'testinfo', 'clinicalindication', 'attendingdoctor', 'patientname', 'age', 'mobilenumber', 'sex', 'email', 'doctorsname', 'doctorsregistrationnumber', 'clinicname', 'doctorstelno', 'createdtime', 'radiology_id', 'created', ) api.py class RadiologypdfViewSet(viewsets.ModelViewSet): """ViewSet for the radiology class""" queryset = models.Radiologypdf.objects.all() serializer_class = serializers.Radiologypdfserializerdata permission_classes = [permissions.IsAuthenticated] filter_backends = (filters.SearchFilter,) search_fields = ('patientid','radiology_id') -
How to display a field from a modelchoice
I have a class in my forms and a object called tiposervico (ForeignKey). See bellow. In my template, after select a tiposervico I would like to display 'descricao' field on my screen. How can i do that? class servicoForm(forms.ModelForm): tiposervico = forms.ModelChoiceField(queryset=tiposervico.objects.all(), required=True) tiposervico -> id, descricao -
Getting and inserting the value of a CSRF cookie set by Django in Angular
I'm having some trouble getting the CSRF integration between Django and Angular to work. I made an earlier broader post about that here.. The problem is that logged in users can't make post-requests from the front-end, but they can make the exact same requests from Django's browsable API through forms. I'm setting a {% csrf_token %} at the index template that Django serves and I am using Angular's built it XSRFS strategy to set attack a header to http requests, but I think the problem is that I'm not catching the value provided by Django's generated csrf token and can't figure out how to implement gathering that data and attaching it to my Angular http-request cookies. Here's the code for the module that provides the strategy: import { BrowserModule } from '@angular/platform-browser'; import { FormsModule, ReactiveFormsModule } from '@angular/forms'; import { NgModule } from '@angular/core'; import { HttpClientModule } from '@angular/common/http'; import { HttpModule, XSRFStrategy, CookieXSRFStrategy } from '@angular/http' import { AppComponent } from './app.component'; import { AppRoutingModule } from './app-routing.module'; import { RegisterComponent } from './register/register.component'; import { LoginComponent } from './login/login.component'; import { AlertComponent } from './_directives/alert.component'; import { ProfileComponent } from './profile/profile.component'; import { AuthGuardService } from ... -
How to access run-time request.session values in forms.py definition?
I have an inventory management app that will be serving multiple locations (called contexts in my app). When a user is logged in, their current context is stored as a value in request.sessions. I would like users to only be able to browse and retrieve records for their own location. I've been trying to this by filtering the queryset that is called in the form definition to populate the select dropdown, i.e. referenced_catalog = forms.ModelChoiceField( queryset=Inventory_unit_catalog.objects.all().filter(parent_business_unit_context_id=user_context_id), I've tried implementing several different (but similar) approaches from various SO posts, that involve defining an init block to the form, such as: def __init__(self, *args, **kwargs): self.user_context_id = kwargs.pop('user_context_id', None) super(InventoryStockAddForm, self).__init__(*args, **kwargs) But the queryset definition still returns that user_context_id is undefined, whether as written or as self.user_context_id (different SO answers had one way or the other). I've even tried using the SessionStore per https://djangobook.com/using-sessions-views-2/: SessionStore = import_module(settings.SESSION_ENGINE).SessionStore s = SessionStore() user_context_id = s['user_context_id'] but it always fails at the moment the forms.py is updated as Django validates the code and cannot find a key value at the moment of validation. Any advice would be appreciated, thanks! -
empty POST results of an LI
I have the following form using the POST method. <form action = "{% url 'submittedupdate' %}" form method = "POST"> {% csrf_token %} <div class="well"> <h4 style="margin-top: 0"><strong>Update Application(s)</strong></h4> {% for app in applicationaccess %} <li name = "report_id" value = "{{app.report_id}}">{{ app.report_name_sc }}</li> {% endfor %} </div> </form> The current form displays the data correctly, but when I try to retrieve the request in the next view with currlist = request.POST.getlist('report_id') print(currlist) I get an empty list. In the previous view applicationaccess is defined as reportaccess shown below: owner = ADMirror.objects.get (employeentname=request.POST.get('userpost')) currentaccess = QVReportAccess.objects.filter(ntname = 'owner.employeentname, active = 1).values_list('sr_datareduce_summary_code', flat = True).distinct() reportIds = QVReportAccess.objects.filter(ntname = 'owner.employeentname).values_list('report_id', flat=True) currentcheckedlist = request.POST.getlist('current_report') reportaccess = QvReportList.objects.filter(report_id__in= currentcheckedlist).values('report_id','report_name_sc').distinct() Why am I getting an empty list and how can I get the values from report_id in the for loop above?
