Go to Google Groups Home    Django users
Overriding returned contents of user objects

Tane Piper <digitalspaghe...@googlemail.com>

Hi there,

I'm currently building a Django app that uses JavaScript and Ajax.
One of the things I am doing is within each view, as well as
outputting a variable as standard, I also JSON encode any objects on
the page and return them as well, so when the page loads, they are in
the DOM as values I can use to manipulate the page.

One of the issues I am having is with the code below for example:

def get_project_list(request):
    member = Member.members.get(user__exact = request.user)
    projects = [project for project in Project.projects.all() if
project.get_permissions(request.user).view_project]

    if request.is_ajax():
        template = 'project/project_list_ajax.html'
    else:
        template = 'project/project_list.html'

    return render_to_response(template,
        {
            'view_title': "All Projects",
            'projects': projects,
            'json_output': json_encode({'projects' : projects, 'user'
: member}),
        }, context_instance=RequestContext(request)
    )

i then output it like this

<script>
var hgfront = {{json_output}}
</script>

When I go into the DOM tab in Firebug, I can see the variables in the
dom.  All are attached to a hgfront object, so for example, a page
might look like this in the dom

+ hgfront
    + options
    + projects
        +0
            +_project_manager_cache
            name
            id
.....

As you can see, each object is converted into JSON, but the problem
comes when I get a project, as you can see it passes along the
_project_manager_cache - which is the user object.  Now the problem I
am having is the users password, although hashed, is showing like so:

_project_manager_cache
        Object username=tanep first_name=Tane last_name=Piper
date_joined
        "2008-04-10 18:40:55"
email
        "digitalspaghe...@gmail.com"
first_name
        "Tane"
id
        2
is_active
        true
is_staff
        true
is_superuser
        true
last_login
        "2008-04-10 22:46:12"
last_name
        "Piper"
password
        "sha1$65c5c$ac5966b3082279392h737373144cf6db200c3"
username
        "tanep"

The problem is that this isn't even being done with a select_related()
query, so the object is automatically being output.  What I want to
know is there any way I could simplify the method and have it remove
the password field any time a user object is being selected as part of
a related query??  I'm sure there is a need for it when doing
authorisation, but once a session has been confirmed, is it needed
again?

--
Tane Piper
Blog - http://digitalspaghetti.me.uk
Skype: digitalspaghetti

This email is: [ ] blogable [ x ] ask first [ ] private