Message from discussion
Overriding returned contents of user objects
Received: by 10.35.90.4 with SMTP id s4mr7681061pyl.5.1208084395066;
Sun, 13 Apr 2008 03:59:55 -0700 (PDT)
Return-Path: <malc...@pointy-stick.com>
Received: from tallyho.bytemark.co.uk (tallyho.bytemark.co.uk [80.68.81.166])
by mx.google.com with ESMTP id z53si2415805pyg.1.2008.04.13.03.59.54;
Sun, 13 Apr 2008 03:59:55 -0700 (PDT)
Received-SPF: neutral (google.com: 80.68.81.166 is neither permitted nor denied by best guess record for domain of malc...@pointy-stick.com) client-ip=80.68.81.166;
Authentication-Results: mx.google.com; spf=neutral (google.com: 80.68.81.166 is neither permitted nor denied by best guess record for domain of malc...@pointy-stick.com) smtp.mail=malc...@pointy-stick.com
Received: from sharp.pointy-stick.com ([80.68.90.23])
by tallyho.bytemark.co.uk with esmtp (Exim 4.63)
(envelope-from <malc...@pointy-stick.com>)
id 1Jkzw9-00041z-GN
for django-users@googlegroups.com; Sun, 13 Apr 2008 10:59:53 +0000
Received: from [192.168.0.102] (cust7071.nsw01.dataco.com.au [203.171.88.159])
by sharp.pointy-stick.com (Postfix) with ESMTP id 49639C406
for <django-users@googlegroups.com>; Sun, 13 Apr 2008 20:59:50 +1000 (EST)
Subject: Re: Overriding returned contents of user objects
From: Malcolm Tredinnick <malc...@pointy-stick.com>
To: django-users@googlegroups.com
In-Reply-To: <eacff6d20804130346j4a2b0e6ai9e9ea68de65231bd@mail.gmail.com>
References: <eacff6d20804130346j4a2b0e6ai9e9ea68de65231bd@mail.gmail.com>
Content-Type: text/plain
Date: Sun, 13 Apr 2008 20:59:46 +1000
Message-Id: <1208084386.17060.19.camel@counterweight.tredinnick.org>
Mime-Version: 1.0
X-Mailer: Evolution 2.12.3 (2.12.3-3.fc8)
Content-Transfer-Encoding: 7bit
On Sun, 2008-04-13 at 11:46 +0100, Tane Piper wrote:
[...]
> What I want to
> know is there any way I could simplify the method and have it remove
> the password field any time a user object is being selected as part of
> a related query??
Not really, unless you use values(). For any model, if the Python object
is being constructed, it pulls back all the values it needs to populate
the attributes. The password hash is an attribute of the User model.
> I'm sure there is a need for it when doing
> authorisation, but once a session has been confirmed, is it needed
> again?
Login isn't the only time when the password hash might be needed (for
example, it's displayed and editable in the admin screen) and it would
be quite hacky to introduce a special case for saying when that field
shouldn't be displayed. You're using the User object in public-readable
situations, which isn't really part of the design. So change your design
a bit so that you're not throwing around this information if you don't
want it displayed. Yes, anything can be serialised using json, but that
doesn't mean you should indiscriminately do so or that the framework
should accommodate that.
It might make sense in your situation to just pull back the values()
that you need for various objects and serialise that dictionary. Or you
could make another pass through the projects list and blank out the
attribute(s) you aren't interested in, such as _project_manager_cache.
Regards,
Malcolm
--
A clear conscience is usually the sign of a bad memory.
http://www.pointy-stick.com/blog/
|
