▶️ Watch Entire Django Blog Playlist ✅ Subscribe To My RUclips Channel: bit.ly/3bWN6wj bit.ly/2IGzvOR ▶️ See More At: ✅ Join My Facebook Group: Codemy.com bit.ly/2GFmOBz ▶️ Learn to Code at Codemy.com ✅ Buy a Codemy T-Shirt! Take $30 off with coupon code: youtube1 bit.ly/2VC9WUN
I just want to add that you can actually use a "and" statement in "if", so you can have only one statement like this: {% if user.is_authenticated and post.author.id == user.id %}. This saves up a bunch of lines and is more readable imho
thanks!
post.author == user will work as well, however he should protect the views also, otherwise somebody can call the url directly
@@georgesmith3022 even if they call the views they'd have to spoof the session to bypass this mechanism
@@cnslpsbly could you elaborate please? is this because of the csrf token in the forms? is implementing permissions in the views redundant or is it a good practice?
@@georgesmith3022 Django stores the session in a cookie, with it, it can tell which user is requesting which view. Checking user == post.author means checking the session user vs the post user.
Django will only render the part of the html template that corresponds to the {if user = post.author } {else} so there's no way to hack this from the front end.
Best practice is to do these kinds of checks on the templates (backend) so you can't just change things on the front end.
John, thank you for your intelligence, charisma, and your lessons, I watch you from Russia and I want to say: Спасибо!
My pleasure!
Hey ! Thank you so much for your videos and especially this one, I finally succeeded in doing something that I had been stalling for days, searching for the solution in vain, and boom ! Thanks to you, it finally works! Thank you from the bottom of my heart for these explanations, it finally made sense!
Very welcome!
Fantastic! More video with django!! :)
More to come!
I have added a Post with category that starts with a capital letter such as "Python", but in the "Python" category page exists no Post. How to solve it?
Thanks for sharing such a great content!
Glad you enjoy it!
I like how you start with very first entry
Glad to hear it
Thank you for sharing a video plz do add the post which consists a image of the post or related to the post if any!
Ok will probably do that
Thank you so much! This was really helpful!
Glad you liked it!
Hi!! Love your page. your video helped me very much to develop my python skills, So thank you. In my blog project, I need to communicate with the database. When a user creates a post the program should take a special key from the post add to it a new key and the new key to the database. The thing is because we used class in views instead of def I can't pass variable to the form. Maybe you can make a video that explains how to communicate with the database and add special keys to the database?
explaining and letting the student try to figure it out is much better than writing code and letting the student copy it.
It's much more fun and easier to remember it this way.
lol
There is another loophole. If I open the Delete page and logout and instead of refreshing, I press the delete button as shown at 12:25 . It will still delete the post even while logged out. Any solution to this problem?
Thank you :)
Is your paid course valid for 2023 / Django 4?
Yep..I have like a dozen Django courses at Codemy.com get total lifetime membership for $49 (all my courses, one time fee) using coupon code: chatgpt for the next couple days
How testimonials is managed by admin panel?
Instead of all the blogs, how to make the current logged in user see only his blogs?
I found a solution
We need to create a foreign key in the model
That key should be referencing to the auth_user model of django
In that foreign key we need to create a related_name value
With that related name we can access blogs with the current user logged in
Is this approach better or should we use the UserPassesTestMixin to achieve this? Please confirm.
Better? Use whatever method you want.
@@Codemycom Well, better might not have been the best choice of word as it depends on use case. But I did want to understand the difference between the two approaches. I believe the HTTP response header would be different, but is there any difference in terms of security or other parameters?
I want to determine the correct user by views and decorators. does anybody have any example of determining the correct user using views and decorators?
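Added example (not part of any comment here and not code from the video): a framework-free Python model of the point raised in this thread, that the template `if` only decides which links are rendered, so a request sent straight to the delete URL, or from a page left open after logging out, has to be checked again in the view. `User`, `Request`, the `posts` dict (post id mapped to author id), the status tuples and all function names are assumptions made for illustration.

```python
# Added example: framework-free model of the flow discussed in this thread.
# User, Request, the status tuples and all view names are hypothetical.
from dataclasses import dataclass
from functools import wraps
from typing import Optional


@dataclass
class User:
    id: Optional[int] = None  # None models a logged-out (anonymous) session

    @property
    def is_authenticated(self) -> bool:
        return self.id is not None


@dataclass
class Request:
    method: str
    user: User


def show_edit_links(request, posts, pk):
    """The template test from the video: it only decides what gets rendered."""
    return request.user.is_authenticated and posts[pk] == request.user.id


def delete_post(request, posts, pk):
    """View with no check of its own: a POST sent straight to its URL succeeds."""
    if request.method == "POST":
        del posts[pk]
        return (302, "/")
    return (200, "confirm delete")


def author_required(view):
    """Decorator that repeats the ownership test on the server, for every method."""
    @wraps(view)
    def wrapper(request, posts, pk):
        if not request.user.is_authenticated:
            return (302, "/login")      # logged out, even if the form was loaded earlier
        if pk not in posts:
            return (404, "not found")
        if posts[pk] != request.user.id:
            return (403, "forbidden")   # logged in, but not the author
        return view(request, posts, pk)
    return wrapper


protected_delete_post = author_required(delete_post)
```

In Django itself the same two checks are available as `LoginRequiredMixin` and `UserPassesTestMixin` for class-based views, and as the `login_required` decorator for function views.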
how to make the current logged in user see only his blogs??
What if I want to make a blog post with users and editors. The users can make the post but only the people from the editors team can edit any blog? Should I make 2 models -> Users and Editors?
That's probably a good way to do it
@@Codemycom I want to make the website so that the website has users, and these users will go to a dashboard where they can send their blog to the editors. Now there are the editors who have access to another dashboard (another dashboard in the sense, they will be redirected to another page like "/editor"). The editors can review the blogs made by users and then publish it directly to the blog page. I have React as my Frontend and I will be using Django REST Framework to build an API. My initial approach was to make a single model Users(I'll just make a custom user model building upon the default User model by using AbstractUser). I'll add a Boolean field is_editor. Now in the Frontend when I get the API I'll use is_editor to redirect to "/editor". The problem is I'm a beginner in Django and is there any problem with this approach?
@@pranavt.j.1157 Give it a try :-)
the admin should have the edit and delete permission.
The admin already has that permission on the Django admin dashboard, but if you wanted to give them that permission on the webpage itself, you could easily do so with an elif statement on the code from this video.
@@Codemycom or even in view.py file
@@delllatitude299 but why?
@@Codemycom no just a suggestion. we can also control this thing in view.py file to prevent and allow different users to access specific info or page.
Thank you!
You're welcome!
Are you going to show how to make it so that in the author section you can only send posts as the person logged in?
Already did that: ruclips.net/video/TAH01Iy5AuE/видео.html
Sir, it's better to do this stuff in views.py, like
if str(request.user) == post.author:
    update post or "Do something"
else:
    "Display message"
We're using classed based views, so that's not easily done.
@@Codemycom 🤔 really? I didn't know that interesting thanks sir
Love this Video sir
I got it it is small post.author not big Post.author.id
I used it for my website
Does anyone have a problem with is_authenticated always returning false? Even though it returns the same id for both author id and user id, it still jumps to false. It was working until this video.
i work around this with just post.author.id == user.id
❤❤❤
:-)
How to solve this problem without using JS.
remove author from forms.py, fields and widget. add this line of code in the views.py
class AddPostView(CreateView):
    model = Post
    form_class = PostForm
    template_name = 'add_post.html'

    def form_valid(self, form):
        # Set the author on the server from the logged-in session user
        form.instance.author = self.request.user
        return super().form_valid(form)
I do that very thing later on in the playlist
Sir, please share your linkedin profile
www.linkedin.com/pub/john-elder/55/a31/493
:-)
Noice