Form in base_template.html

Hi all,

Let's assume you have a *global* login form in the
base_template.html
of a blog like application. How would you handle validation
of such a
form?

The form would need to be passed to every view and every
view should
be made aware of it's validation checking for
form.is_valid()

Typical use-case:
A user is reading an article and he's required to login to
post a
comment. Without leaving the article's page he inserts
username and
password in the login form above the article.

I ended up modifying the workflow but how would you handle
my original
scenario?

I kinda hit the same wall when trying to implement my
home-grown per-
object-permission system as i added a check on every view to
verify
that the current logged-in user was the owner of the records
he was
trying to view/modify.


Thanks,
Lorenzo
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Let's separate the problem into:

a. Form display,
b. Form validation. and
c. Page flow or ordering.

Form display is trivial for this example, since you only
need username
and password. This is easily hand-coded into your base
template and
you don't need to pass anything to the various views. One
nice thing
to do is test user.is_anonymous in the template and, if
true, display
the form, else show a link to the user's profile page (or
something
like that).

Validation (the specifics of which are covered at
http://www.djangoproject.com/documentation/authenticat
ion/) can either
occur via AJAXian methods (I particularly like jQuery + its
taconite
plugin for this) or via a normal view that performs the
authentication, showing an error page on failure and for
success
simply bouncing the user back using
HttpResponseRedirect(request.META..get('HTTP_REFERER')).
They are now
on they page where they initiated the login in, but
user.is_anonymous
is now false.

On the site I just finished the whole page (displayed data,
link
destinations, etc.) was predicated on whether you were
logged in or
not. AJAX would have been too complicated (because so many
things
changed) so we used the bounce method and recomputed the
whole
shebang. We also had to do our own backend because even if
the user is
not in auth_user, there are two additional ways they might
validate
(don't blame me, I'm just the contractor who had to make it
work).

BTW, if you prefer using email addresses for login (I
certainly do),
then see http://www
.djangosnippets.org/snippets/74/ for one way to do
this.

  HTH,
  Peter
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---