Overriding returned contents of user objects - Django users

Message from discussion Overriding returned contents of user objects
Received-SPF: pass (google.com: domain of digitalspaghe...@googlemail.com designates 72.14.220.155 as permitted sender) client-ip=72.14.220.155;
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=googlemail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
        b=YdO4qdo7GV213/i7FgGR3QQ1AY6GdsXKzrwLButzpufeFEtWEDS4HJfhuvw4NkvC35d5erwV9PFW5Oi1yYAR+W5W0pU4nTeWK9voGCLJ0HOKUI8rFc12o4vdinng5OW5jRIZJfrpKBER5q2In4/0oA74YPViSINvhrv/NRYXJNA=
Message-ID: <eacff6d20804130346j4a2b0e6ai9e9ea68de65231bd@mail.gmail.com>
Date: Sun, 13 Apr 2008 11:46:21 +0100
From: "Tane Piper" <digitalspaghe...@googlemail.com>
To: "Django Users Group" <django-users@googlegroups.com>
Subject: Overriding returned contents of user objects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi there,

I'm currently building a Django app that uses JavaScript and Ajax.
One of the things I am doing is within each view, as well as
outputting a variable as standard, I also JSON encode any objects on
the page and return them as well, so when the page loads, they are in
the DOM as values I can use to manipulate the page.

One of the issues I am having is with the code below for example:

def get_project_list(request):
    member = Member.members.get(user__exact = request.user)
    projects = [project for project in Project.projects.all() if
project.get_permissions(request.user).view_project]

    if request.is_ajax():
        template = 'project/project_list_ajax.html'
    else:
        template = 'project/project_list.html'

    return render_to_response(template,
        {
            'view_title': "All Projects",
            'projects': projects,
            'json_output': json_encode({'projects' : projects, 'user'
: member}),
        }, context_instance=RequestContext(request)
    )

i then output it like this

<script>
var hgfront = {{json_output}}
</script>

When I go into the DOM tab in Firebug, I can see the variables in the
dom.  All are attached to a hgfront object, so for example, a page
might look like this in the dom

+ hgfront
    + options
    + projects
        +0
            +_project_manager_cache
            name
            id
.....

As you can see, each object is converted into JSON, but the problem
comes when I get a project, as you can see it passes along the
_project_manager_cache - which is the user object.  Now the problem I
am having is the users password, although hashed, is showing like so:

_project_manager_cache
	Object username=tanep first_name=Tane last_name=Piper
date_joined
	"2008-04-10 18:40:55"
email
	"digitalspaghe...@gmail.com"
first_name
	"Tane"
id
	2
is_active
	true
is_staff
	true
is_superuser
	true
last_login
	"2008-04-10 22:46:12"
last_name
	"Piper"
password
	"sha1$65c5c$ac5966b3082279392h737373144cf6db200c3"
username
	"tanep"

The problem is that this isn't even being done with a select_related()
query, so the object is automatically being output.  What I want to
know is there any way I could simplify the method and have it remove
the password field any time a user object is being selected as part of
a related query??  I'm sure there is a need for it when doing
authorisation, but once a session has been confirmed, is it needed
again?

-- 
Tane Piper
Blog - http://digitalspaghetti.me.uk
Skype: digitalspaghetti

This email is: [ ] blogable [ x ] ask first [ ] private