Authentication issue (Proposal)

2007-03-22 Thread Mario Gonzalez

  Hello. I've got an issue that I want to deal with if you let me. I
think, as everybody we've got a project with many applications on it.
And also there are lots of users available, however what about if I
want to deny some apps to some users?

  Or, how can I know what app can be used by someone? Well, I can use
a user_passes_test decorator, sure but I've got do it every time, in
every view. IMO that must be solved in the core, not in every view.

  So far, permissions are applied to classes (tables) only, but not to
applications.  I don't know what do you think about this but I want to
give a idea:

Every time when a administrator create a new app, internally a
group with the same application name is created. Thus, a user must
belong to this group to gain access to the app. This should be a easy
way to limit users.

  Regards!

http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Get function name after....

2007-03-27 Thread Mario Gonzalez

  Hello, I'm trying to know the callback name after a resolve process


from django.conf import settings
from django.http import HttpResponse
from django.core.urlresolvers import resolve

class AuthorizedMiddleware(object):

def process_request(self, request):
return HttpResponse(str( resolve(request.path)[0].__name__ ))


 however always I've got a "_wrapped_view" name. Is there a way to
find out, for example if  my request.path is one/ to get app_one.idex
as a string?

(r'^one/$', 'app_one.index'),
(r'^two/$', 'app_two.index'),

-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



wrong names in variables. startapp rutine

2007-04-09 Thread Mario Gonzalez

  I found a variable in django/core/management.py file named
project_name, its content should be the project name but it's not. It
saves the parent directory name instead, so I wrote a patch that fix
it.

Please, see
http://code.djangoproject.com/ticket/3846

Regards!
-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Bug in template system?

2007-06-21 Thread Mario Gonzalez

  Hello, today after an svn update I've got a

Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/django/core/servers/basehttp.py",
line 273, in run
self.finish_response()
  File "/usr/lib/python2.5/site-packages/django/core/servers/basehttp.py",
line 312, in finish_response
self.write(data, False)
  File "/usr/lib/python2.5/site-packages/django/core/servers/basehttp.py",
line 396, in write
self._write(data)
  File "socket.py", line 262, in write
self.flush()
  File "socket.py", line 249, in flush
self._sock.sendall(buffer)
error: (32, 'Broken pipe')
Exception django.template.TemplateSyntaxError:
TemplateSyntaxError('Caught an exception while rendering: ',) in
 ignored

  I'm try to find what the problem is but maybe you can help me a bit.

   Ideas?

-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Re: Ticket 3505, Authentication backend

2007-07-12 Thread Mario Gonzalez

On 11 jul, 22:33, "Russell Keith-Magee" <[EMAIL PROTECTED]>
wrote:
>
> >  if AUTHENTICATION_BACKENDS is empty or something is wrong then
> > nothing is detected, only an ImporError. The patch catch the
> > ValueError.
>
> Where and how is the error revealed? When you import an application?
> When you syncdb? When you try to authenticate? What constitutes "empty
> or something is wrong"?
>

  Sorry, my mistake. I'll explain a bit further:

 in my settings file I set AUTHENTICATION_BACKENDS = ('something.that-
doesnot.exists') so when you use the authenticate() method in some
view a ValueError is raised. So, my patch catch that exception in
load_backend() method.

  IMO, it's a validation mistake and that I'm trying to fix.

>


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Re: Ticket 3505, Authentication backend

2007-07-18 Thread Mario Gonzalez

On Jul 13, 1:04 am, "Russell Keith-Magee" <[EMAIL PROTECTED]>
wrote:
> defines AUTH_BACKENDS to be a string, not a tuple, and that is the
> error you are catching (note the missing comma). Note the missing
> comma. If you have the comma in the tuple, Django correctly reports
> that the backend doesn't exist.
>

  :-) I started fixing another problem but at the end, the problem was
other, thanks for your time Russell.

Regards.

>


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Django 1.0?

2007-07-19 Thread Mario Gonzalez

 Dears hackers, I want to ask a question, for you maybe it will be
just foolish but, I've seen the open tickets, I'm trying to write some
patch for some of them but my help it's not enough :-( and they are a
lot.

 Are you going to wait until all those tickets will be closed? is
there a date limit for a frozen stage or something like that?

Thanks.

-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Re: Django 1.0?

2007-07-21 Thread Mario Gonzalez

On Jul 19, 11:47 pm, "Adrian Holovaty" <[EMAIL PROTECTED]> wrote:
> Hi Mario,
>

  Hi Adrian, many thanks for your answer.

> Please check the FAQ, which is where we've written our definitive
> answer to this question --
>
> http://www.djangoproject.com/documentation/faq/#when-will-you-release...
>

   After I saw your link I read the FAQ and there's something caught
my attention: "have added all features that we feel are necessary to
earn a 1.0". Are those "features" the open tickets? I say that because
the words of Oggie Rob were a bit ironic and that's ok (Maybe... I do
the same thing sometimes for new people in others lists) but I'm
really interested in help in Django development. Well, sure I haven't
got time enough however "worst is nothing".

  I opened this thread not for wast your time and also not for wast my
time either. But I want to know what are the most important
characteristics you want in the Django API.

--
MarioGonzalez


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Re: Django 1.0?

2007-07-22 Thread Mario Gonzalez

On Jul 21, 11:55 pm, Gary Wilson <[EMAIL PROTECTED]> wrote:
>
> No, not all of the open tickets anyway.  There will _always_ be open
> tickets no matter how hard we all try to close them :)
>

  Yeah! that's my point of view and we share it. Maybe I didn't
explain myself but I wanted to arrive to this stage and sure,
VersionOneFeatures helps me a lot :)

regards.

>


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Ticket 4928

2007-07-29 Thread Mario Gonzalez

 Hello! one week ago I opened this ticket
http://code.djangoproject.com/ticket/4928 please take a look when you
can. It's got a patch also.

Regards!

-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Queryset in newforms

2007-09-27 Thread Mario Gonzalez

Hello:

 I usually show forms using form_for_model(), however there's
something I think is missing. My model is something like:

class TransferFile(models.Model):
file = models.FileField(upload_to="/some/path/in/my/system/")
owner = models.ForeignKey(User, db_column="owner", db_index=True)
authorized_account = models.ManyToManyField(User,
related_name="authorized_account")

class Admin:
pass

class Meta:
permissions = (
('send_file', 'Can send files'),

In my DB I've got lot of users, each one with different groups and
permissions, and I don't want to show them in my form. So, I want to
pass a parameter in form_for_model() and I wrote a patch for that:

Index: models.py
===
--- models.py   (revision 6426)
+++ models.py   (working copy)
@@ -66,7 +66,7 @@
 return save_instance(self, instance, fields, fail_message,
commit)
 return save

-def form_for_model(model, form=BaseForm, fields=None,
formfield_callback=lambda f: f.formfield()):
+def form_for_model(model, form=BaseForm, fields=None, queryset=None,
formfield_callback=lambda f, **kwargs: f.formfield(**kwargs)):
 """
 Returns a Form class for the given Django model class.

@@ -76,6 +76,7 @@
 determining the formfield for a given database field. It's a
callable that
 takes a database Field instance and returns a form Field
instance.
 """
+from django.db.models.fields.related import ManyToManyField
 opts = model._meta
 field_list = []
 for f in opts.fields + opts.many_to_many:
@@ -83,7 +84,10 @@
 continue
 if fields and not f.name in fields:
 continue
-formfield = formfield_callback(f)
+if isinstance(f, ManyToManyField) and queryset is not None:
+formfield = formfield_callback(f, queryset=queryset)
+else:
+formfield = formfield_callback(f)
 if formfield:
 field_list.append((f.name, formfield))
 base_fields = SortedDictFromList(field_list)

 Have I got to create a ticket?

Regards.
Mario.-


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Re: Queryset in newforms

2007-09-27 Thread Mario Gonzalez

On 27 sep, 16:25, Collin Grady <[EMAIL PROTECTED]> wrote:
> Mario Gonzalez said the following:
>
> > In my DB I've got lot of users, each one with different groups and
> > permissions, and I don't want to show them in my form. So, I want to
> > pass a parameter in form_for_model() and I wrote a patch for that:
>
> Just make your own formfield_callback, that's what it's for :)
>

  I should have to write the all callback and I think that's not what
I want. My proposal is if you've got a special queryset, just pass it
trough form_for_model() method only. Then you haven't got to re-write
all over again.

  Also, I don't want to change the field type, I just need a different
queryset. So far, Django not permit that(AFAIK) and I think this is
necessary.

>


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Re: Queryset in newforms

2007-09-27 Thread Mario Gonzalez

On 27 sep, 18:03, Collin Grady <[EMAIL PROTECTED]> wrote:
> Mario Gonzalez said the following:
>
> >   I should have to write the all callback and I think that's not what
> > I want. My proposal is if you've got a special queryset, just pass it
> > trough form_for_model() method only. Then you haven't got to re-write
> > all over again.
>
> Rewrite what all over? All you have to do is edit the generated field
> for your m2m field and change the queryset/choices.
>

  I haven't seen this before, I'll try it but IMVHO it seems a hack
because you've got to generate a field and _then_ change the queryset.
I think the queryset must be defined once and not after.

> >   Also, I don't want to change the field type, I just need a different
> > queryset. So far, Django not permit that(AFAIK) and I think this is
> > necessary.
>
> But what if you have multiple m2ms to multiple model types? Your
> proposal wouldn't support that - it would pass the same queryset to all
> of them, which is invalid.
>

  Sure, the patch I sent was to explain my point only. I wanted to
know if the idea is good enough to use some time developing this.
Personally I think is a good idea.

>


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Re: Queryset in newforms

2007-09-28 Thread Mario Gonzalez

On 27 sep, 18:36, Collin Grady <[EMAIL PROTECTED]> wrote:
>
> Actually, you don't - I just checked the formfield method of
> ManyToManyField, and you can pass the queryset directly to that, so it
> will use that when it generates the field instead of whatever it would
> normally default to.
>

 Yes, ManyToMany is able to get the queryset and change it but
form_for_model doesn't

Collin, look: I deleted the file I modified (django.newforms.model.py)
and I did a svn update after, I used the project again and...

TypeError at /webapps/portal/archivos/
form_for_model() got an unexpected keyword argument 'queryset'
Request Method: GET
Request URL:http://127.0.0.1:8000/webapps/portal/archivos/
Exception Type: TypeError
Exception Value:form_for_model() got an unexpected keyword argument
'queryset'

In my views.py I've got:

  some_queryset = A_Model.objects.filter()
  form_for_model(A_Model, queryset=some_queryset)

  That's what I want to solve, give the opportunity to the programmer
to change the queryset easily when a form_for_model is needed but you
don't need the default queryset.


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



New filter proposal: None -> Blank Space

2006-10-11 Thread Mario Gonzalez ( mario__ )

 Hello! I think we've been talking in irc, my nick is mario__  and now
I really like to help to django code, if you let me.  Sometimes sql
queries returns NULL values and python change that with a None type,
then I cannot show a None in a web page so, I have to change that
like:

#in a view
 if foo is None:
   foo = ""

   I'd like to write a new filter, mmmhh  'notnone' maybe

#in a template
   foo|notnone

  Is ok what I'm talking about or just I'm talking foolish things :-)  ?

  Greetings!

-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---



Re: New filter proposal: None -> Blank Space

2006-10-11 Thread Mario Gonzalez ( mario__ )

On 11/10/06, Don Arbow <[EMAIL PROTECTED]> wrote:
>
> There's already a filter called 'default_if_none', check the
> documentation.
>
yeah, I saw it before I sent this email :(  sorry if I disturbed
anyone. I did it like:

 #in a template:
  {{ foo|default_if_none:"" }}

 Thanks!

> Don
>

-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---



Re: New filter proposal: None -> Blank Space

2006-10-11 Thread Mario Gonzalez ( mario__ )

On 11/10/06, Mario Gonzalez ( mario__ ) <[EMAIL PROTECTED]> wrote:
> On 11/10/06, Don Arbow <[EMAIL PROTECTED]> wrote:
> >
> > There's already a filter called 'default_if_none', check the
> > documentation.
> >
> yeah, I saw it before I sent this email :(  sorry if I disturbed


  well, I saw it AFTER.  my English isn't the best :-)

>

-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---



Find the Cookie owner

2006-10-12 Thread Mario Gonzalez ( mario__ )
 Hi, I'm writing a code for a media server and I want to serve static
files to authenticated users only. I check against Django's session
table (django_session) and that's ok (IMO) but in session_data there
isn't the userid and I need it for security reasons; So I sent you
what I'm doing so far and please, I'd really like that someone can
help me a bit if you please.

  Many thanks!


PS: Greetings from Chile.
-- 
http://www.advogato.org/person/mgonzalez/


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---
from mod_python import apache, Cookie
from os import environ

def accesshandler(req, **kwargs):
"""
(Was) Authentication handler that checks against Django's auth database.
(Is)  Access handler that check agains Django's session table
"""

options = req.get_options()
settings_module = options.get('DJANGO_SETTINGS_MODULE', None)
if settings_module:
environ['DJANGO_SETTINGS_MODULE'] = settings_module
else:
return apache.HTTP_FORBIDDEN

cookies = Cookie.get_cookies(req)

if cookies.has_key('sessionid'):
django_sessionid = cookies['sessionid'].value
else:
return apache.HTTP_FORBIDDEN

from django import db
db.reset_queries()

cursor = db.connection.cursor()
sql = """
  SELECT session_data
  FROM django_session
  WHERE expire_date > now()
   AND session_key = '%s'
""" % django_sessionid
cursor.execute( sql )
session = cursor.dictfetchone()

sessionid_is_found = False
if len(session['session_data']) > 0:
sessionid_is_found = True

if not sessionid_is_found:
return apache.HTTP_FORBIDDEN

import base64
a = base64.decodestring( session['session_data'] )

#who is the owner of this cookie??!
#cause in session['session_data'], is not
req.write(a)


return apache.HTTP_UNAUTHORIZED



Re: Database race conditions when using multiple processes

2006-10-16 Thread Mario Gonzalez ( mario__ )

On 16/10/06, James Bennett <[EMAIL PROTECTED]> wrote:
>
> SQLite is *not* something to be using if proper locking and safe
> concurrent access will be important; SQLite's own docs point out a
> couple of cases where its locking just won't work, and they recommend
> moving to a client-server RDBMS like PostgreSQL or MySQL if safe

  you're right, Postgres don't do a block in the entire db but if two
proccess want to write, they going to do it anyway, which one finish
first? it doesn't matter. So, IMVHO, that isn't the problem.

>

-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---



Re: Modification in the django.db.backends.postgresql.base

2006-10-17 Thread Mario Gonzalez ( mario__ )

On 17/10/06, Rafael SDM Sierra <[EMAIL PROTECTED]> wrote:
> ps2.: I need this a lot becouse I'm using FreeBSD, and it start only 50
> connections simultaneously, but my system use

  but you can change that and default, postgres support 100
connections (2 for superuser)

>

-- 
http://www.advogato.org/person/mgonzalez/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---