Hi, > I tried that before your answer arrived and it worked like a charm. I > just excluded the author field from the form and kept everything else > the same. It works perfectly, as the user was already passed to the > author field in the view. A logged in user can now automatically post > a story now through the form and it appears under their username. > > So simple. I asked elsewhere and received extremely convoluted answers > that caused more confusion and chaos rather than comfort. > > Thank you for reaffirming. Although, I didn't have to override the > form (new_story.save()) to make it work. I should probably just leave > it alone and enjoy the functionality!
You should only check that, although the user field now does not appear in the form, the user cannot override the user field by changing the POST request that is sent to your server after submitting. So it's definitively safer to explicitly override the user field in your model on save(), instead of relying on a pre-filled field. best Bernhard -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
