Cheng Zhang wrote:
> if request.POST:
> new_data = request.POST.copy()
>
> # here I am filling in fields from the fetched object
> # to make sure that the user can't pass in security relevant
> # data. Make sure that you turn your values into strings,
> # as that's expected by the later html2python call.
> u = users.get_object(pk=user_id)
> new_data['username'] = u.username;
> new_data['password'] = u.password;
> ....
Unfortunately that recipe looks like it's out of date. Now that
manipulators have a flatten_data method you should use that to do all
conversion from Python objects to strings.
I think you should be able to replace what you have with something
like:
The view code:
==========
def profile_edit_info(request, user_id):
try:
manipulator = users.ChangeManipulator(user_id)
except users.UserDoesNotExist:
raise Http404
if request.POST:
# flatten existing data to strings
new_data = manipulator.flatten_data()
# convert posted data to regular Python dictionary and update
new_data.update(dict(request.POST.items()))
errors = manipulator.get_validation_errors(new_data)
manipulator.do_html2python(new_data)
if not errors:
new_user = manipulator.save(new_data)
return HttpResponseRedirect('/cms/')
else:
# No POST, so we want a brand new form without any data or errors.
errors = {}
new_data = manipulator.flatten_data()
# Create the FormWrapper, template, context, response.
form = formfields.FormWrapper(manipulator, new_data, errors)
return render_to_response('cms/profile_edit_info', {'form': form},
Context(request))
=====
This is still not ideal. Because request.POST is not a regular Python
dictionary but an instance of MultiValueDict - designed to allow for
multiple posted values for each key - you need to convert it to a
regular Python dictionary, as above, before updating the flattened
data.
I wonder if all of this should really be wrapped up inside the
manipulator itself so that people don't have to worry about it?
I'll update the wiki.
Kieran
