Django tutorials :: Django

<

User Accounts
At the heart of a web application is the
ability for any user, anywhere in the world,
to register an account with your app and
start using it. In this chapter you’ll build forms
so users can add their own topics and entries, and edit
existing entries. You’ll also learn how Django guards
against common attacks to form-based pages so you
don’t have to spend too much time thinking about
securing your apps.
We’ll then implement a user authentication system. You’ll build a regis￾tration page for users to create accounts, and then restrict access to certain
pages to logged-in users only. We’ll then modify some of the view functions
so users can only see their own data. You’ll learn to keep your users’ data
safe and secure.
Allowing Users to Enter Data
Before we build an authentication system for creating accounts, we’ll first
add some pages that allow users to enter their own data. We’ll give users
the ability to add a new topic, add a new entry, and edit their previous
entries.
Currently, only a superuser can enter data through the admin site. We
don’t want users to interact with the admin site, so we’ll use Django’s form￾building tools to build pages that allow users to enter data.
Adding New Topics
Let’s start by giving users the ability to add a new topic. Adding a form￾based page works in much the same way as the pages we’ve already built:
we define a URL, write a view function, and write a template. The one major
difference is the addition of a new module called forms.py, which will con￾tain the forms.
The Topic ModelForm
Any page that lets a user enter and submit information on a web page is a
form, even if it doesn’t look like one. When users enter information, we need
to validate that the information provided is the right kind of data and not
anything malicious, such as code to interrupt our server. We then need to
process and save valid information to the appropriate place in the database.
Django automates much of this work.
The simplest way to build a form in Django is to use a ModelForm, which
uses the information from the models we defined in Chapter 18 to auto￾matically build a form. Write your first form in the file forms.py, which you
should create in the same directory as models.py
orms.py from django import forms
from .models import Topic
u class TopicForm(forms.ModelForm):
 class Meta:
v model = Topic
w fields = ['text']
x labels = {'text': ''}
We first import the forms module and the model we’ll work with, Topic.
At u we define a class called TopicForm, which inherits from forms.ModelForm.
The simplest version of a ModelForm consists of a nested Meta class tell￾ing Django which model to base the form on and which fields to include
in the form. At v we build a form from the Topic model and include only
the text field w. The code at x tells Django not to generate a label for the
text field.
The new_topic URL
The URL for a new page should be short and descriptive, so when the user
wants to add a new topic, we’ll send them to http://localhost:8000/new_topic/.
Here’s the URL pattern for the new_topic page, which we add to learning_logs/
urls.py:
urls.py --snip--
urlpatterns = [
 --snip--
 # Page for adding a new topic
 url(r'^new_topic/$', views.new_topic, name='new_topic'),
]
This URL pattern will send requests to the view function new_topic(),
which we’ll write next.
The new_topic() View Function
The new_topic() function needs to handle two different situations: initial
requests for the new_topic page (in which case it should show a blank form)
and the processing of any data submitted in the form. It then needs to
redirect the user back to the topics page:
views.py from django.shortcuts import render
from django.http import HttpResponseRedirect
from django.core.urlresolvers import reverse
from .models import Topic
from .forms import TopicForm
--snip--
def new_topic(request):
 """Add a new topic."""
u if request.method != 'POST':
 # No data submitted; create a blank form.
v form = TopicForm()
 else:
 # POST data submitted; process data.
w form = TopicForm(request.POST)
x if form.is_valid():
y form.save()
z return HttpResponseRedirect(reverse('learning_logs:topics'))
{ context = {'form': form}
 return render(request, 'learning_logs/new_topic.html', context)
We import the class HttpResponseRedirect, which we’ll use to redirect the
reader back to the topics page after they submit their topic. The reverse()
function determines the URL from a named URL pattern, meaning that
Django will generate the URL when the page is requested. We also import
the form we just wrote, TopicForm.