2 years ago
#371517

aaronn
Django "fields" attribute of user forms (UserCreationForm and UserChangeForm)
According to Django docs:
It is strongly recommended that you explicitly set all fields that should be edited in the form using the fields attribute.
I have a custom user model, so I overrode UserCreationForm and UserChangeForm, but I'm not sure about the fields attribute of the Meta class.
The admin site will be editing all fields of a user, so in UserChangeForm, do I have to include all fields in this attribute? Like this:
    class Meta:
        model = User
        fields = (
            "email",
            "password",
            "is_active",
            "is_staff",
            "is_superuser",
            "date_joined",
            "last_login",
            "groups",
            "user_permissions",
            # maybe there are others that I'm missing?
        )
Or, in this case, is it safe to use the '__all__' shortcut?
The admin site uses UserChangeForm for editing user attributes (including permissions and so on), so these need to be included in the fields attribute. But does this mean that using the UserChangeForm anywhere other than the admin site causes those security issues mentioned in the docs?
python
django
django-forms
field
django-users
0 Answers