Hi there,
I'm currently building a Django app that uses JavaScript and Ajax.
One of the things I am doing is within each view, as well as
outputting a variable as standard, I also JSON encode any objects on
the page and return them as well, so when the page loads, they are in
the DOM as values I can use to manipulate the page.
One of the issues I am having is with the code below for example:

    def get_project_list(request):
        member = Member.members.get(user__exact=request.user)
        projects = [project for project in Project.projects.all()
                    if project.get_permissions(request.user).view_project]
        if request.is_ajax():
            template = 'project/project_list_ajax.html'
        else:
            template = 'project/project_list.html'
        return render_to_response(template,
            {
                'view_title': "All Projects",
                'projects': projects,
                'json_output': json_encode({'projects': projects, 'user': member}),
            }, context_instance=RequestContext(request)
        )

I then output it like this:

    <script>
    var hgfront = {{json_output}}
    </script>

When I go into the DOM tab in Firebug, I can see the variables in the
DOM. All are attached to a hgfront object, so for example, a page
might look like this in the DOM:

    + hgfront
        + options
        + projects
            + 0
                + _project_manager_cache
                name
                id
                .....

As you can see, each object is converted into JSON, but the problem
comes when I get a project, as you can see it passes along the
_project_manager_cache - which is the user object. Now the problem I
am having is the user's password, although hashed, is showing like so:

    _project_manager_cache  Object username=tanep first_name=Tane last_name=Piper
        date_joined     "2008-04-10 18:40:55"
        email           "digitalspaghe...@gmail.com"
        first_name      "Tane"
        id              2
        is_active       true
        is_staff        true
        is_superuser    true
        last_login      "2008-04-10 22:46:12"
        last_name       "Piper"
        password        "sha1$65c5c$ac5966b3082279392h737373144cf6db200c3"
        username        "tanep"

The problem is that this isn't even being done with a select_related()
query, so the object is automatically being output. What I want to
know is: is there any way I could simplify the method and have it remove
the password field any time a user object is being selected as part of
a related query? I'm sure there is a need for it when doing
authorisation, but once a session has been confirmed, is it needed
again?
--
Tane Piper
Blog - http://digitalspaghetti.me.uk
Skype: digitalspaghetti
This email is: [ ] blogable [ x ] ask first [ ] private
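
Added example, not part of the original post and not Django's own API: the JSON output can be built from an explicit per-type allowlist, so the password hash and the `_project_manager_cache` attribute never reach the page. `User` and `Project` here are plain-Python stand-ins for the poster's models, and `PUBLIC_FIELDS`, `to_public` and `public_json` are hypothetical names.

```python
import json

# Stand-ins for the Django models in the post (constructed for this example).
class User:
    def __init__(self, **attrs):
        self.__dict__.update(attrs)

class Project:
    def __init__(self, id, name, manager):
        self.id, self.name = id, name
        self._project_manager_cache = manager  # related-object cache seen in the dump

    @property
    def project_manager(self):
        return self._project_manager_cache

# Allowlist (hypothetical): the only attributes allowed to leave the server, per type.
PUBLIC_FIELDS = {
    User: ("id", "username", "first_name", "last_name"),
    Project: ("id", "name", "project_manager"),
}

def to_public(obj):
    """Reduce obj to JSON-safe data, emitting only allowlisted attributes."""
    if obj is None or isinstance(obj, (str, int, float, bool)):
        return obj
    if isinstance(obj, (list, tuple)):
        return [to_public(item) for item in obj]
    if isinstance(obj, dict):
        return {str(key): to_public(value) for key, value in obj.items()}
    fields = PUBLIC_FIELDS.get(type(obj))
    if fields is None:
        # Fail closed: an unlisted type is an error, never a dump of __dict__.
        raise TypeError("no public field list for %s" % type(obj).__name__)
    return {name: to_public(getattr(obj, name)) for name in fields}

def public_json(data):
    return json.dumps(to_public(data), sort_keys=True)

def demo():
    # Constructed sample data; the password value is a placeholder, not a real hash.
    user = User(id=2, username="tanep", first_name="Tane", last_name="Piper",
                is_superuser=True, password="sha1$SALT$PLACEHOLDER")
    project = Project(1, "Example project", user)
    return public_json({"projects": [project], "user": user})

if __name__ == "__main__":
    print(demo())
```

In the view from the post, the value passed as `json_output` would come from a function like `public_json` rather than from encoding the model instances directly.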