trco / django-bootstrap-modal-forms

A Django plugin for creating AJAX driven forms in Bootstrap modal.
MIT License
384 stars, 142 forks

Restrict users from directly accessing the form url #232

Open Eric-Simon-Lemon opened 11 months ago

Eric-Simon-Lemon commented 11 months ago

Hello! Trying out the modal forms, it's working well overall!

But there's one thing I can't figure out: how do you restrict access to the form view? I don't want my registered users to be able to access a URL like http://127.0.0.1:8000/books/create directly, BUT they should have the right to load the modal that creates books.

Thank you for your help.

Rastopapola commented 5 months ago

The user would need to know this path exists and that they can call it directly via the browser. It is highly unlikely, imho, that most users would do this. If button-smashing is the only way to open your modal form, they would need to analyze the network using the browser's dev tools to know about this URL. Again: very unlikely. And if they would still do all this and then just open the route directly, they are greeted by some raw HTML form that does not provide the same UX as if they would just click the button.

If they cannot harm your application, I would not bother at all.