I'm creating simple app which allows users to create group. When user create group it has following fields:
- name
- desc
- inviteKey - i would this field to be hidden and generate 10 characters code and then send it.
My models:
class Group(models.Model):
groupName = models.CharField(max_length=100)
description = models.CharField(max_length=255)
inviteKey = models.CharField(max_length=255)
class Members(models.Model):
userId = models.ForeignKey(User, on_delete=models.CASCADE)
groupId = models.ForeignKey(Group, on_delete=models.CASCADE)
isAdmin = models.BooleanField(default=False)
Form:
class GroupForm(forms.ModelForm):
groupName = forms.CharField(label='Nazwa grupy', max_length=100)
description = forms.CharField(label='Opis', max_length=255)
inviteKey: forms.CharField(label='Kod wstępu')
class Meta:
model = Group
fields = ['groupName', 'description', 'inviteKey' ]
View:
def createGroup(request):
if request.method == "POST":
form = GroupForm(request.POST)
if form.is_valid():
form.save()
messages.success(request, f'Group created')
return redirect('/')
else:
inviteKey = generateInviteKey()
form = GroupForm(initial={'inviteKey': inviteKey})
return render(request, 'group/createGroup.html',{'form': form})
Now i have form and inviteKey is visible and editable. I want this key to be visible but not editable.
CodePudding user response:
The best way to do that my opinion is to set the default value for your invitation key in your model, that way, token is created "in the background" with a unique key, but we can go further.
For example :
import uuid
token = models.UUIDField(
default=uuid.uuid4,
unique=True,
editable=False,
)
This way you are sure that the token is unique (UUID is unique by design, but still) you cannot edit it so no wrong token can occur and last of all each object will get a unique token with no work on your side.
I am using UUID because it is recommended by Django as per the Documentation for token and unique identifier.
Note : If you set the UUID with a default value, you cannot get it before the object is created, depending on your use you might want to set it in the form (see answer below).
CodePudding user response:
You can make the field disabled, so:
class GroupForm(forms.ModelForm):
groupName = forms.CharField(label='Nazwa grupy', max_length=100)
description = forms.CharField(label='Opis', max_length=255)
inviteKey = forms.CharField(label='Kod wstępu', disabled=True)
class Meta:
model = Group
fields = ['groupName', 'description', 'inviteKey' ]This will also prevent a user from fabricating a POST request that contains a different invite key.
A problem that one now has to solve however is that we do not want to generate a different inviteKey when the user submits the form. This can be handled with session data, although it is not a very elegant solution. In that case we thus change the view to:
def createGroup(request):
if request.method == 'POST' and 'inviteKey' in request.session:
inviteKey = request.session['inviteKey']
form = GroupForm(request.POST, initial={'inviteKey': inviteKey})
if form.is_valid():
form.save()
messages.success(request, f'Group created')
return redirect('/')
else:
request.session['inviteKey'] = inviteKey = generateInviteKey()
form = GroupForm(initial={'inviteKey': inviteKey})
return render(request, 'group/createGroup.html',{'form': form})You probably alo might want to make your inviteKey field unique, to prevent creating multiple groups with the same inviteKey:
class Group(models.Model):
groupName = models.CharField(max_length=100)
description = models.CharField(max_length=255)
inviteKey = models.CharField(max_length=255, unique=True)