Re: Saving Django User in Form
Thanks for the advice. I want to make sure it's secure.
What's the best way to override the save I posted in the code above
without causing issues?
On Feb 25, 2:10 am, Bernhard Schandl <bernhard.scha...@gmail.com>
wrote:
> Hi,
>
> > I tried that before your answer arrived and it worked like a charm. I
> > just excluded the author field from the form and kept everything else
> > the same. It works perfectly, as the user was already passed to the
> > author field in the view. A logged-in user can now automatically post
> > a story through the form and it appears under their username.
>
> > So simple. I asked elsewhere and received extremely convoluted answers
> > that caused more confusion and chaos rather than comfort.
>
> > Thank you for reaffirming. Although, I didn't have to override the
> > form (new_story.save()) to make it work. I should probably just leave
> > it alone and enjoy the functionality!
>
> You should only check that, although the user field now does not appear in the form, the user cannot override the user field by changing the POST request that is sent to your server after submitting. So it's definitely safer to explicitly override the user field in your model on save(), instead of relying on a pre-filled field.
>
> best
> Bernhard
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
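
The check Bernhard describes, as an added framework-free example that is not part of the original thread and is not Django's own code: the same POST body, with and without an extra author key, is bound by a handler that trusts posted fields and by one that sets the author from the session. The `Story` class, the function names, the field names and the sample bodies are all constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs

# Fields the story form is allowed to bind; "author" is deliberately absent,
# mirroring a form that excludes the author field.
FORM_FIELDS = ("title", "body")


@dataclass
class Story:
    title: str = ""
    body: str = ""
    author: str = ""


def parse_post(raw_body: str) -> dict:
    """Decode a urlencoded form body, keeping the last value for each key."""
    return {k: v[-1] for k, v in parse_qs(raw_body, keep_blank_values=True).items()}


def save_trusting_post(raw_body: str, session_user: str) -> Story:
    """Weak pattern: author is pre-filled, then every posted key is copied over it."""
    story = Story(author=session_user)
    for key, value in parse_post(raw_body).items():
        if hasattr(story, key):
            setattr(story, key, value)  # a posted "author" replaces the pre-filled one
    return story


def save_with_server_side_author(raw_body: str, session_user: str) -> Story:
    """Hardened pattern: bind only allow-listed fields, then set author explicitly."""
    posted = parse_post(raw_body)
    story = Story(**{name: posted.get(name, "") for name in FORM_FIELDS})
    story.author = session_user  # always taken from the authenticated session
    return story


def unexpected_fields(raw_body: str) -> list:
    """Posted keys the form never rendered; worth logging as a tampering signal."""
    return sorted(set(parse_post(raw_body)) - set(FORM_FIELDS))


# Constructed samples: the form as rendered, and the same request with an added key.
NORMAL_POST = "title=Hello&body=First+story"
TAMPERED_POST = "title=Hello&body=First+story&author=admin"

if __name__ == "__main__":
    for body in (NORMAL_POST, TAMPERED_POST):
        print(save_trusting_post(body, "alice").author,
              save_with_server_side_author(body, "alice").author,
              unexpected_fields(body))
```

In a Django view the hardened pattern corresponds to `story = form.save(commit=False)`, then `story.author = request.user`, then `story.save()`.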