Open lorddaedra opened 2 years ago
jonashaag
commented
2 years ago Sounds like a legitimate use case.
I didn't find any code dealing with PKs with a quick search in this repo. Maybe this is coming from Django itself?
You might want to make a custom Field that encrypts its value with a secret when coming from the DB and decrypts it before going to the DB.
lorddaedra
commented
2 years ago Sounds like a legitimate use case.
Yes, IMHO it's also a Django-way. We can open any generic views from Django source code and ensure they have support for slug-based getters as alternative to pk.
I didn't find any code dealing with PKs with a quick search in this repo. Maybe this is coming from Django itself?
Yes, you're right.
Why do fieldsets do not support pk to slug replacements? I think, the answer is simple here. Django maintainers do not use fieldsets in "frontend applications", they use them only in admin panel, it's a thing like "back office". So if someone already has access to admin panel, he/she may investigate our system in details, so we already do not have big motivation to hide real integer pk of our objects or something like that.
That's why this feature may be will never implemented in Django itself. (At least until we will see any generic views with fieldsets usage inside in Django source code.)
But it can be a good idea to improve it on django-extra-views side.
Maybe this is coming from Django itself?
Just replace
{{ Features }}to
{{ Features.management_form }}
{% for feature_form in Features %}
{{ feature_form.display_name }}
{{ feature_form.display_name.errors }}
<input type="hidden" name="{{ feature_form.prefix }}-id" value="{{ feature_form.instance.uid }}" id="id_{{ feature_form.prefix }}-id">
{% endfor %}in template and that's all. (Plus get_formset_kwargs changes from my first message)
So, yes, {{ Features }} will add two hidden input fields per each inline form (pk of feature and fk to survey but it's safe to omit it, fk is needed only for + Add new feature new inline forms).
About fk hidden fields: it's possible to use slugs (uid) for + Add forms here too and remove hidden fk fields completely from any forms for existed inline objects.
@staticmethod
def process_post_data(obj, post_data):
object_id = str(obj.id)
changes = {}
...
for field_name, value in post_data.items():
...
if field_name.endswith('-display_name'):
changes[field_name.replace('-display_name', '-survey')] = object_id
...This is similar to
<input type="hidden" name="{{ feature_form.prefix }}-survey" value="{{ feature_form.instance.id }}" id="id_{{ feature_form.prefix }}-survey">You might want to make a custom Field that encrypts its value with a secret when coming from the DB and decrypts it before going to the DB.
If we will create additional form field, we need somehow prevent updating value of that field (may be del it before formset.save()). We should not allow to change value of uid field, for example.
Problem
Let's assume, we have two models.
models.py:Now we would like to use
UpdateWithInlinesView.Let's view our form html:
We have
Featureinstance ids there for each of formset members. It's acceptable for most of projects but we may want to use slug fields (uidin this case).We have motivation to do it if we use integer PK (for performance reasons) and would like to prevent marketing tracking from our competitors (they may create new features every month and compare feature ids to each other to answer questions like
how much new surveys do we have in this monthand so on).form html:
Solution
We replace slugs (
uids) to ids here during processing POST data. First step: we createuidslist. Second step: we loadfeatureslist of dicts withidanduiddata from database based onuidsvalues. Third step: we replace slugs to id if we know how to do it (we readfeatures).Suggestions
django-extra-views?