Re: The key of permissions model

2012-09-20 Thread Anssi Kääriäinen
On 20 syys, 17:11, Michael Manfre wrote: > Instead of get_permission('app_label.permission_name'), why not punt on the > problem > until schema migrations lands. Only provide a plural helper method that > always returns > a list. The first argument could be either a string or a list of strings. >

Re: Logging Out with POST by Default?

2012-09-20 Thread Carl Meyer
On 09/20/2012 11:52 AM, Adam Taylor wrote: > I recently read the Coding Horror article Cross-Site Request Forgeries > and You > , > which suggests requiring an HTTP POST form submission for logging out. > This same

Logging Out with POST by Default?

2012-09-20 Thread Adam Taylor
I recently read the Coding Horror article Cross-Site Request Forgeries and You, which suggests requiring an HTTP POST form submission for logging out. This same suggestion is implied in the Django book (chapter

Re: More efficient m2m assignment SQL

2012-09-20 Thread Anssi Kääriäinen
On 27 heinä, 18:50, Jeremy Dunck wrote: > Ah, yes, hmm.  Actually, it *is* possible to get signals attached to > the through. > > from django.db.models import signals > signals.pre_delete.connect(handler, sender=Voter.districts.through) > > So I don't think we can even take that shortcut on just t

Re: The key of permissions model

2012-09-20 Thread Michael Manfre
Instead of get_permission('app_label.permission_name'), why not punt on the problem until schema migrations lands. Only provide a plural helper method that always returns a list. The first argument could be either a string or a list of strings. This leaves it up to the caller to determine what