mdgArt » Django http://www.mdgart.com Art & Programming Thu, 12 Jan 2012 11:56:28 +0000 http://wordpress.org/?v=2.8.5 en hourly 1 Django Auth behind proxy server http://www.mdgart.com/2011/01/15/django-auth-behind-proxy-server/ http://www.mdgart.com/2011/01/15/django-auth-behind-proxy-server/#comments Sat, 15 Jan 2011 17:35:44 +0000 Mauro http://www.mdgart.com/?p=136 Yesterday I had a weird problem with a Django application that should primarily work on computer behind a proxy server: for some reason that I didn’t understand yet, the proxy lost the session’s cookie, but only when a form send data (via POST) to a view that is visible only to logged users (=O).
The other views works well, but that particular views lost the cookie! What to do in this case?
A simple workaround helped me: I sent the session id via GET to the view. I know, django never use this for security reason, but I didn’t find a “official” solution, so this is what I did:

I create this middleware that use the query string session id if it doesn’t find the session’s cookies in the request:

from django.conf import settings
 
class FakeSessionCookieMiddleware(object):
 
    def process_request(self, request):
        if not request.COOKIES.has_key(settings.SESSION_COOKIE_NAME) and request.GET.has_key(settings.SESSION_COOKIE_NAME):
            request.COOKIES[settings.SESSION_COOKIE_NAME] = request.GET[settings.SESSION_COOKIE_NAME]

You have to add this middleware to your settings.py before django.contrib.sessions.middleware.SessionMiddleware:

MIDDLEWARE_CLASSES = (
    ...
    'myapp.middleware.FakeSessionCookieMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    ...
)

In this case the middleware class is inside the middleware.py file in myapp application.
Then you can add SESSION_COOKIE_NAME in your context like this:

context = {
    'session_cookie_name': settings.SESSION_COOKIE_NAME,
    'session_cookie_value': request.COOKIES[settings.SESSION_COOKIE_NAME], 
} 
    template = 'yourtemplate.html' 	
    return render_to_response(template, context, context_instance=RequestContext(request))

and pass “session_cookie_name” and “session_cookie_value” in your URL:

<a href="/your/url/?{{session_cookie_name}}={{session_cookie_value}}">

Is ugly and potentially dangerous, but it’s an extreme solution in case you REALLY have this problem that can’t be solved in other ways. Hope this can help someone with the same issue.

Donate 1 euro, buy me a coffee, I need it to write more posts! Thanks ;)

]]> http://www.mdgart.com/2011/01/15/django-auth-behind-proxy-server/feed/ 0 Django Tip: Cross Domain Cookies http://www.mdgart.com/2011/01/15/django-tip-cross-domain-cookies/ http://www.mdgart.com/2011/01/15/django-tip-cross-domain-cookies/#comments Sat, 15 Jan 2011 17:32:03 +0000 Mauro http://www.mdgart.com/?p=142 If you use the Django Auth Framework you may need to know the existence of this constant that you can set in the settings.py of your project:

SESSION_COOKIE_DOMAIN = ".yourdomain.com"

when you login, your cookies session will be set to be valid on every subdomain, so you will be still logged in www.yourdomain.com, yourdomain.com, and any every subdomains.yourdomain.com.

Donate 1 euro, buy me a coffee, I need it to write more posts! Thanks ;)

]]> http://www.mdgart.com/2011/01/15/django-tip-cross-domain-cookies/feed/ 0 Django admin: how to hide fields for certain users (that are not superusers) http://www.mdgart.com/2010/04/08/django-admin-how-to-hide-fields-in-a-form-for-certain-users-that-are-not-superusers/ http://www.mdgart.com/2010/04/08/django-admin-how-to-hide-fields-in-a-form-for-certain-users-that-are-not-superusers/#comments Thu, 08 Apr 2010 17:56:57 +0000 Mauro http://www.mdgart.com/?p=102 I’m working on a project and I’m using the incredible django admin. So, yesterday I needed a way to hide some fields in a model for user that didn’t have superuser permissions. After some googling, I found a method in the ModelAdmin class that was perfect (well, I think that it’s perfect) for my needs: get_form.
The method is not really mentioned in the official django documentation except in the comment framework, but you can use it in your ModelAdmin subclass as well. It’s called before the “change form” is created, so we can dynamically change it before it’s displayed.
The principle is very simple: I dynamically populate the exclude attribute so that if a user is not a superuser I can exclude a field (or more that one field). Let’s see an example:

class MyModelAdmin(admin.ModelAdmin):
	def get_form(self, request, obj=None, **kwargs):
		self.exclude = []	
		if not request.user.is_superuser:
			self.exclude.append('field_to_hide')
		return super(MyModelAdmin, self).get_form(request, obj, **kwargs)

What it does is simply add the field_to_hide to the exclude list of MyModelAdmin. In this case, the field will be visible only to superusers, checking the request.user.is_superuser attribute. Pretty simple!

Donate 1 euro, buy me a coffee, I need it to write more posts! Thanks ;)

]]> http://www.mdgart.com/2010/04/08/django-admin-how-to-hide-fields-in-a-form-for-certain-users-that-are-not-superusers/feed/ 5 Contact me http://www.mdgart.com/contact-me/ http://www.mdgart.com/contact-me/#comments Tue, 17 Mar 2009 13:38:35 +0000 Mauro http://www.mdgart.com/?page_id=55
Donate 1 euro, buy me a coffee, I need it to write more posts! Thanks ;)

]]> http://www.mdgart.com/contact-me/feed/ 0