Re: Validate a form's excluded fields if a value is present

2010-03-31 Thread subs...@gmail.com
Seems like a security hole, whereby people may supply additional fields if they can guess their counterparts on the model. It's 'exclude', not 'exclude_maybe'. ...Unless I'm missing something fundamental. -S On Mar 31, 9:11 pm, orokusaki wrote: > I'm working on an SAAS project, and there is an `

Re: Validate a form's excluded fields if a value is present

2010-03-31 Thread orokusaki
Let me just say that my non-patch above is just an abstract idea, and I don't know if it will work like that without other changes, but I think it gets the idea across.

Validate a form's excluded fields if a value is present

2010-03-31 Thread orokusaki
I'm working on an SAAS project, and there is an ``account`` attribute (foreign key) on every model in the project (similar to those who have a ``user`` or ``created_by`` attribute on every model). ``account`` is added to the request object using a MiddleWare class. When I'm writing views, I have t

Re: GSoC Project: Enhancedaut.user

2010-03-31 Thread Flo
On Mar 31, 3:27 pm, Russell Keith-Magee wrote: > But under your proposal, you *can't* use your own permission model. If > BaseUser inherits from BasePermissions, and every application with a > custom user needs to inherit from BaseUser, then you never get the > opportunity to use your own permi

Re: GSoC Project: Enhancedaut.user

2010-03-31 Thread Russell Keith-Magee
On Wed, Mar 31, 2010 at 8:48 PM, Flo wrote: > > On Mar 31, 12:48 pm, Russell Keith-Magee > wrote: >> On Wed, Mar 31, 2010 at 4:35 PM, Flo wrote: >> >> > Here an updated, fresh summary: >> >> > Plan >> > --- >> >> > Add an abstraction layer to the auth.User class >> >> > Method >> > -

Re: GSoC Project: Enhancedaut.user

2010-03-31 Thread Flo
On Mar 31, 12:48 pm, Russell Keith-Magee wrote: > On Wed, Mar 31, 2010 at 4:35 PM, Flo wrote: > > > Here an updated, fresh summary: > > > Plan > > --- > > > Add an abstraction layer to the auth.User class > > > Method > > - > > > An extra abstraction layer will be added for the User

Field.to_python() clarification

2010-03-31 Thread George Sakkis
The docs say about Field.to_python(): """ As a general rule, the method should deal gracefully with any of the following arguments: * An instance of the correct type (e.g., Hand in our ongoing example). * A string (e.g., from a deserializer). * Whatever the database returns for the co

Re: GSoC - Class based serializers

2010-03-31 Thread Russell Keith-Magee
On Wed, Mar 31, 2010 at 6:05 PM, Renato Garcia Pedigoni wrote: > Hi Russel > >> Apologies - I confused matters by talking about templates. What I >> meant to say is that Django currently has a JSON serializer. It >> implements a bunch of design decisions that describe how models are >> displayed.

Re: GSoC Project: Enhancedaut.user

2010-03-31 Thread Russell Keith-Magee
On Wed, Mar 31, 2010 at 4:35 PM, Flo wrote: > > Here an updated, fresh summary: > > > > Plan > --- > > Add an abstraction layer to the auth.User class > > > > Method > - > > An extra abstraction layer will be added for the User class in form of > a BaseUser class. The BaseUser class wi

Re: GSoC - Class based serializers

2010-03-31 Thread Renato Garcia Pedigoni
Hi Russel Apologies - I confused matters by talking about templates. What I > meant to say is that Django currently has a JSON serializer. It > implements a bunch of design decisions that describe how models are > displayed. If you want to prove that your serialization framework is > flexible, sho

Re: GSoC Project: Enhancedaut.user

2010-03-31 Thread Flo
Here an updated, fresh summary: Plan --- Add an abstraction layer to the auth.User class Method - An extra abstraction layer will be added for the User class in form of a BaseUser class. The BaseUser class will consist of : * the whole permission stuff (user_permissions, get_