stackoom
  简体   繁体   中英

How to add field to form securely hidden

 原文  2021-01-29 15:02:10       django/ forms

Question

I have a form that when submitted, it saves some data and one of these fields is a foreign key for user id. I want to pass this request.user.id value without it showing in the HTML code (I dont want people to change it in from the inspect because of security reasons).

This is the HTML:

<form method="POST" action="">
{% csrf_token %}
<div class="container-fluid my-3">
    <div class="row justify-content-center">
        {% for field in form %}
        <div class="{% if forloop.counter0 == 0 %} col-2 {% else %} col-1 {% endif %}">
            {{ field }}
        </div>
        {% endfor %}
        <div class="col-1">
            <input class="btn btn-primary" type="submit" display="inline" id='test'>
        </div>
    </div>
</div>

This is the model:

class SaleEntry(models.Model):
date = models.DateField()
ebay_price = models.FloatField()
amazon_price = models.FloatField()
ebay_tax = models.FloatField()
paypal_tax = models.FloatField()
tm_fee = models.FloatField(default=0.3)
promoted = models.FloatField(default=0.0)
profit = models.FloatField()
user = models.ForeignKey(User, on_delete=models.CASCADE)

This is the form:

class SaleEntryForm(ModelForm):
class Meta:
    model = SaleEntry
    fields = [
        'date',
        'ebay_price',
        'amazon_price',
        'ebay_tax',
        'paypal_tax',
        'tm_fee',
        'promoted',
        'profit'
    ]
    widgets = {
        'date': DateInput(attrs={'class': 'form-control'}),
        'ebay_price': forms.NumberInput(attrs={'class': 'form-control', 'placeholder': 'eBay Price', 'id':'f_ebay_price', 'onchange': 'calc_profit()'}),
        'amazon_price': forms.NumberInput(attrs={'class': 'form-control', 'placeholder': 'Amazon Price', 'id':'f_amazon_price', 'onchange': 'calc_profit()'}),
        'ebay_tax': forms.NumberInput(attrs={'class': 'form-control col-1', 'placeholder': 'eBay Tax', 'id':'f_ebay_tax', 'onchange': 'calc_profit()'}),
        'paypal_tax': forms.NumberInput(attrs={'class': 'form-control col-1', 'placeholder': 'Paypal Tax', 'id':'f_paypal_tax', 'onchange': 'calc_profit()'}),
        'tm_fee': forms.NumberInput(attrs={'class': 'form-control col-1', 'placeholder': 'TM Fee', 'id':'f_tm_fee', 'onchange': 'calc_profit()'}),
        'promoted': forms.NumberInput(attrs={'class': 'form-control col-1', 'placeholder': 'Promoted', 'id':'f_promoted', 'onchange': 'calc_profit()'}),
        'profit': forms.NumberInput(attrs={'class': 'form-control', 'placeholder': 'Profit', 'readonly':'true', 'id':'f_profit'}),
    }

I can't save the form like this because I need to pass user_id.

1 answers

solution1
 1  2021-01-29 16:08:24

You can get the current user directly from the views by getting using request.user

This can be passed directly into your forms.py using '__init__' in your form.

You can find more info here: How to pass username into function inside a form in django?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How To Update Hidden Field In Django Form How to fill a hidden field in a Django form? How do I get an item into a hidden form field in django? Django's Generic UpdateView: How to pass value to the hidden form field? (How) can I tell if my form field is hidden in Django template How can I add avatar and hidden field to django idios How to add hidden input for ID field inside django-tables2? Change a Django form field to a hidden field How does one add default (hidden) values to form templates in Django? How to securely get time delta between form load and form submit?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM