Safe template decorator

A decorator that restricts the tags and filters available to template loading and parsing within a function. This is mainly meant to be used when granting users the power of the DTL. You obviously don't want users to be able to do things that could be potentially malicious. The {% ssi %} tag, for example, could be used to display sensitive data if improperly configured. {% load %} gives them access to all the unlimited python code you wrote in your templatetags. {% load sudo %}{% sudo rm -rf / %} o_0 Note that the "load" tag (among others) is not listed in the default tag whitelist. If you parse a template (however indirectly) in a function decorated with this, unlisted builtin tags will behave like undefined tags (ie, they will result in a TemplateSyntaxError). Since {% load %} is not whitelisted, you may want to include some custom tags or filters as "builtins" for convenience. Simply put the module paths to the libraries to include in the `extra` kwarg or the `extra_libraries` list. Generally, this is not recommended, as these libraries need to be carefully and defensively programmed. **NOTE**: This **does not** do anything about cleaning your rendering context! That's completely up to you! This merely restricts what tags and filters are allowed in the templates. Examples: from django.template.loader import get_template safe_get_template = use_safe_templates(get_template) tmpl = safe_get_template('myapp/some_template.html') from django.template import Template use_safe_templates(Template)('{% load sudo %}') # TemplateSyntaxError: Invalid block tag 'load'

• template
• clean
• safe
• restrict

Thu 01 Apr 2021 Read More

Binding signals to abstract models

Intro ----- I found a question on SO for which Justin Lilly's answer was correct but not as thorough as I'd like, so I ended up working on a simple snippet that shows how to bind signals at runtime, which is nifty when you want to bind signals to an abstract class. Bonus: simple cache invalidation! Question -------- [How do I use Django signals with an abstract model?](http://stackoverflow.com/questions/2692551/how-do-i-use-django-signals-with-an-abstract-model) I have an abstract model that keeps an on-disk cache. When I delete the model, I need it to delete the cache. I want this to happen for every derived model as well. If I connect the signal specifying the abstract model, this does not propagate to the derived models: pre_delete.connect(clear_cache, sender=MyAbstractModel, weak=False) If I try to connect the signal in an init, where I can get the derived class name, it works, but I'm afraid it will attempt to clear the cache as many times as I've initialized a derived model, not just once. Where should I connect the signal? Answer ------ I've created a custom manager that binds a post_save signal to every child of a class, be it abstract or not. This is a one-off, poorly tested code, so beware! It works so far, though. In this example, we allow an abstract model to define CachedModelManager as a manager, which then extends basic caching functionality to the model and its children. It allows you to define a list of volatile keys that should be deleted upon every save (hence the post_save signal) and adds a couple of helper functions to generate cache keys, as well as retrieving, setting and deleting keys. This of course assumes you have a cache backend setup and working properly.

• managers
• models
• cache
• model
• manager
• signals
• abstract
• signal
• contribute_to_class

Thu 25 Apr 2024 Read More

User groups template tag with "else" block support (Allow checking several groups)

An "if-style" template tag that checks to see if a user belongs to a one or mores groups (by name). Usage: `{% ifusergroup Admins %} ... {% endifusergroup %} or {% ifusergroup Admins Clients Programmers Managers %} ... {% else %} ... {% endifusergroup %}`

• tag
• templatetag
• user
• auth
• group

Sun 09 Dec 2012 Read More

Caching Decorator

This is a decorator which will gets Django to try the cache before computing the result of a function. It automatically builds the cache key as a hash of the function name and inputs, and allows you to set whatever timeout you want.

• cache
• decorator
• speed
• caching
• fast

Wed 05 Jan 2022 Read More

Converts an integer or floating-point number or a string to a string containing the delimiter character (default comma) after every delimeter_count digits (by default 3 digits)

Converts an integer or floating-point number or a string to a string containing the delimiter character (default comma) after every delimeter_count digits (by default 3 digits)

• format
• string
• humanize
• integer
• comma
• space
• decimal
• number
• thousands
• float
• human

Thu 15 Mar 2012 Read More

Easier chainability with custom QuerySets

Django allows you to specify your own ModelManager with custom methods. However, these methods are chainable. That is, if you have a method on your PersonManager caled men(), you can't do this: Person.objects.filter(birth_date__year=1978).men() Normally, this isn't a problem, however your app may be written to take advantage of the chainability of querysets. For example, you may have an API method which may return a filtered queryset. You would want to call with_counts() on an already filtered queryset. In order to overcome this, we want to override django's QuerySet class, and then make the Manager use this custom class. The only downside is that your functions will not be implemented on the manager itself, so you'd have to call `Person.objects.all().men()` instead of `Person.objects.men()`. To get around this you must also implement the methods on the Manager, which in turn call the custom QuerySet method.

• model
• manager
• queryset

Wed 30 Jan 2013 Read More

Generic CSV export admin action factory with labels

Based on [#2020](http://djangosnippets.org/snippets/2020/) This snippet creates a simple generic export to csv action that you can specify the fields you want exported and the labels used in the header row for each field. It expands on #2020 by using list comprehensions instead of sets so that you also control the order of the fields as well.

• export
• csv
• label

Thu 17 Jan 2013 Read More

Easier and Faster than flatpages. Rendering templates by simpling calling by his path on the URL

This is in my opinion a better way to have flat pages in a project. In the example with the url patterns settings: / will render -> /pages/welcome.html /contact will render -> /pages/contact.html /products/ will render -> /pages/products/index.html /products/pricing will render -> /pages/products/pricing.html

• views
• flatpages
• class-based-views
• 1.4
• class-based-views_1

Tue 08 Jan 2013 Read More

Test Suite URL Coverage

This custom test suite runner will record all of the URLs accessed during your test suite. It will compare it to the list of all URLs you have configured for your site and produce a report of any URLs missed. It requires that all URLs are named (using the ``name=`` parameter). To use is, set the ``TEST_RUNNER`` variable in your configuration to this class. You can also define ignored URLs. For example, to filter out the admin URLs, you can use: IGNORED_COVERAGE_URLS = ['^admin/', '^admin/doc/']

• urlconf
• testing
• testrunner

Mon 05 Mar 2012 Read More

True Unique Boolean Decorator

Useful when you want to keep only one instance of a model to be the default one. This is a decorative way of doing the same as in http://djangosnippets.org/snippets/1830/ Can this be made better as a class decorator (not having to declare explicitly the save method) ?

• model
• unique
• boolean

Mon 06 Feb 2012 Read More

Improved Button Admin

An improved version of http://djangosnippets.org/snippets/1016/ which lets you add separate buttons for change_list and change_form pages in the admin.

• admin
• buttons

Tue 25 Jun 2013 Read More

Hyperlink read-only ForeignKey objects in admin to their change pages

If you set a ForeignKey field in the admin to read-only, you can use this snippet to automatically create a hyperlink to that object.

• admin

Tue 28 Jan 2014 Read More

Multilingual site based on domain - not accept header and django_session

On our site [Fornebuklinikken - A cosmetic surgeon in Norway](http://www.fornebuklinikken.no) we also have a domain [http://fornebuklinikken.com](http://www.fornebuklinikken.no) which should be using the 'en' language. We didn't wan't to use the standard locale lib, and wrote our own middleware which lookups the correct language corresponding to the domain (.no or .com) Any questions? Contact me on herman.schistad (at) gmail.com

• internationalization
• middleware
• multilingual
• locale
• domain
• localeurl

Fri 16 Mar 2012 Read More

ModelChoiceField with option groups

This is a ModelChoiceField where the choices are rendered in optiongroups (this is already posible with a normal Choicefield) For this to work properly the queryset you supply should already be ordered the way you want (i.e. by the group_by_field first, then any sub-ordering)

• modelchoicefield

Sat 31 Aug 2013 Read More

Active link

I needed a way to find if a menu items should be active. After searching the internet i found a few options*, but none of them did fit my needs, so i wrote my own: Usage: <a href="{% url 'view-name' %}" class="{% current request 'view-name' %}"></a> * http://gnuvince.wordpress.com/2008/03/19/the-new-and-improved-active-tag/ * http://stackoverflow.com/questions/340888/navigation-in-django

• template
• path
• active
• link
• current

Fri 14 Jun 2019 Read More