2013-07-30 01:19:04 +08:00
|
|
|
from __future__ import unicode_literals
|
2011-10-17 21:15:40 +08:00
|
|
|
|
2010-01-05 11:56:19 +08:00
|
|
|
from django.core.exceptions import ValidationError
|
2011-10-17 21:15:40 +08:00
|
|
|
from django.forms import Form
|
|
|
|
from django.forms.fields import IntegerField, BooleanField
|
|
|
|
from django.forms.util import ErrorList
|
2013-06-19 23:18:40 +08:00
|
|
|
from django.forms.widgets import HiddenInput
|
2012-08-12 18:32:08 +08:00
|
|
|
from django.utils.encoding import python_2_unicode_compatible
|
2013-06-22 15:25:14 +08:00
|
|
|
from django.utils.functional import cached_property
|
2008-07-19 07:54:34 +08:00
|
|
|
from django.utils.safestring import mark_safe
|
2012-07-20 20:48:51 +08:00
|
|
|
from django.utils import six
|
2012-07-21 00:53:11 +08:00
|
|
|
from django.utils.six.moves import xrange
|
2013-05-04 16:08:38 +08:00
|
|
|
from django.utils.translation import ungettext, ugettext as _
|
2011-10-17 21:15:40 +08:00
|
|
|
|
2008-07-19 07:54:34 +08:00
|
|
|
|
|
|
|
__all__ = ('BaseFormSet', 'all_valid')
|
|
|
|
|
|
|
|
# special field names
|
|
|
|
TOTAL_FORM_COUNT = 'TOTAL_FORMS'
|
|
|
|
INITIAL_FORM_COUNT = 'INITIAL_FORMS'
|
2010-02-01 22:14:56 +08:00
|
|
|
MAX_NUM_FORM_COUNT = 'MAX_NUM_FORMS'
|
2008-07-19 07:54:34 +08:00
|
|
|
ORDERING_FIELD_NAME = 'ORDER'
|
|
|
|
DELETION_FIELD_NAME = 'DELETE'
|
|
|
|
|
2013-02-12 18:22:41 +08:00
|
|
|
# default maximum number of forms in a formset, to prevent memory exhaustion
|
|
|
|
DEFAULT_MAX_NUM = 1000
|
|
|
|
|
2008-07-19 07:54:34 +08:00
|
|
|
class ManagementForm(Form):
|
|
|
|
"""
|
|
|
|
``ManagementForm`` is used to keep track of how many form instances
|
|
|
|
are displayed on the page. If adding new forms via javascript, you should
|
|
|
|
increment the count field of this form as well.
|
|
|
|
"""
|
|
|
|
def __init__(self, *args, **kwargs):
|
|
|
|
self.base_fields[TOTAL_FORM_COUNT] = IntegerField(widget=HiddenInput)
|
|
|
|
self.base_fields[INITIAL_FORM_COUNT] = IntegerField(widget=HiddenInput)
|
Fixed #20084 -- Provided option to validate formset max_num on server.
This is provided as a new "validate_max" formset_factory option defaulting to
False, since the non-validating behavior of max_num is longstanding, and there
is certainly code relying on it. (In fact, even the Django admin relies on it
for the case where there are more existing inlines than the given max_num). It
may be that at some point we want to deprecate validate_max=False and
eventually remove the option, but this commit takes no steps in that direction.
This also fixes the DoS-prevention absolute_max enforcement so that it causes a
form validation error rather than an IndexError, and ensures that absolute_max
is always 1000 more than max_num, to prevent surprising changes in behavior
with max_num close to absolute_max.
Lastly, this commit fixes the previous inconsistency between a regular formset
and a model formset in the precedence of max_num and initial data. Previously
in a regular formset, if the provided initial data was longer than max_num, it
was truncated; in a model formset, all initial forms would be displayed
regardless of max_num. Now regular formsets are the same as model formsets; all
initial forms are displayed, even if more than max_num. (But if validate_max is
True, submitting these forms will result in a "too many forms" validation
error!) This combination of behaviors was chosen to keep the max_num validation
simple and consistent, and avoid silent data loss due to truncation of initial
data.
Thanks to Preston for discussion of the design choices.
2013-03-21 14:27:06 +08:00
|
|
|
# MAX_NUM_FORM_COUNT is output with the rest of the management form,
|
|
|
|
# but only for the convenience of client-side code. The POST
|
|
|
|
# value of MAX_NUM_FORM_COUNT returned from the client is not checked.
|
2010-03-28 07:03:56 +08:00
|
|
|
self.base_fields[MAX_NUM_FORM_COUNT] = IntegerField(required=False, widget=HiddenInput)
|
2008-07-19 07:54:34 +08:00
|
|
|
super(ManagementForm, self).__init__(*args, **kwargs)
|
|
|
|
|
2012-08-12 18:32:08 +08:00
|
|
|
@python_2_unicode_compatible
|
|
|
|
class BaseFormSet(object):
|
2008-07-19 07:54:34 +08:00
|
|
|
"""
|
|
|
|
A collection of instances of the same Form class.
|
|
|
|
"""
|
|
|
|
def __init__(self, data=None, files=None, auto_id='id_%s', prefix=None,
|
|
|
|
initial=None, error_class=ErrorList):
|
|
|
|
self.is_bound = data is not None or files is not None
|
2009-03-10 19:19:26 +08:00
|
|
|
self.prefix = prefix or self.get_default_prefix()
|
2008-07-19 07:54:34 +08:00
|
|
|
self.auto_id = auto_id
|
2010-11-22 01:27:01 +08:00
|
|
|
self.data = data or {}
|
|
|
|
self.files = files or {}
|
2008-07-19 07:54:34 +08:00
|
|
|
self.initial = initial
|
|
|
|
self.error_class = error_class
|
|
|
|
self._errors = None
|
|
|
|
self._non_form_errors = None
|
|
|
|
|
2012-08-12 18:32:08 +08:00
|
|
|
def __str__(self):
|
2008-07-19 07:54:34 +08:00
|
|
|
return self.as_table()
|
|
|
|
|
2010-12-19 21:41:43 +08:00
|
|
|
def __iter__(self):
|
|
|
|
"""Yields the forms in the order they should be rendered"""
|
|
|
|
return iter(self.forms)
|
|
|
|
|
|
|
|
def __getitem__(self, index):
|
|
|
|
"""Returns the form at the given index, based on the rendering order"""
|
2011-09-10 09:53:56 +08:00
|
|
|
return self.forms[index]
|
2010-12-19 21:41:43 +08:00
|
|
|
|
|
|
|
def __len__(self):
|
|
|
|
return len(self.forms)
|
|
|
|
|
2012-08-08 20:52:21 +08:00
|
|
|
def __bool__(self):
|
2011-09-10 08:05:48 +08:00
|
|
|
"""All formsets have a management form which is not included in the length"""
|
|
|
|
return True
|
2012-11-04 04:43:11 +08:00
|
|
|
|
|
|
|
def __nonzero__(self): # Python 2 compatibility
|
|
|
|
return type(self).__bool__(self)
|
2011-09-10 08:05:48 +08:00
|
|
|
|
2012-09-07 05:07:14 +08:00
|
|
|
@property
|
|
|
|
def management_form(self):
|
2009-03-30 23:58:52 +08:00
|
|
|
"""Returns the ManagementForm instance for this FormSet."""
|
2010-11-22 01:27:01 +08:00
|
|
|
if self.is_bound:
|
2009-03-30 23:58:52 +08:00
|
|
|
form = ManagementForm(self.data, auto_id=self.auto_id, prefix=self.prefix)
|
|
|
|
if not form.is_valid():
|
2013-06-06 02:55:05 +08:00
|
|
|
raise ValidationError(
|
|
|
|
_('ManagementForm data is missing or has been tampered with'),
|
|
|
|
code='missing_management_form',
|
|
|
|
)
|
2009-03-30 23:58:52 +08:00
|
|
|
else:
|
|
|
|
form = ManagementForm(auto_id=self.auto_id, prefix=self.prefix, initial={
|
|
|
|
TOTAL_FORM_COUNT: self.total_form_count(),
|
2010-02-01 22:14:56 +08:00
|
|
|
INITIAL_FORM_COUNT: self.initial_form_count(),
|
|
|
|
MAX_NUM_FORM_COUNT: self.max_num
|
2009-03-30 23:58:52 +08:00
|
|
|
})
|
|
|
|
return form
|
|
|
|
|
|
|
|
def total_form_count(self):
|
|
|
|
"""Returns the total number of forms in this FormSet."""
|
2010-11-22 01:27:01 +08:00
|
|
|
if self.is_bound:
|
Fixed #20084 -- Provided option to validate formset max_num on server.
This is provided as a new "validate_max" formset_factory option defaulting to
False, since the non-validating behavior of max_num is longstanding, and there
is certainly code relying on it. (In fact, even the Django admin relies on it
for the case where there are more existing inlines than the given max_num). It
may be that at some point we want to deprecate validate_max=False and
eventually remove the option, but this commit takes no steps in that direction.
This also fixes the DoS-prevention absolute_max enforcement so that it causes a
form validation error rather than an IndexError, and ensures that absolute_max
is always 1000 more than max_num, to prevent surprising changes in behavior
with max_num close to absolute_max.
Lastly, this commit fixes the previous inconsistency between a regular formset
and a model formset in the precedence of max_num and initial data. Previously
in a regular formset, if the provided initial data was longer than max_num, it
was truncated; in a model formset, all initial forms would be displayed
regardless of max_num. Now regular formsets are the same as model formsets; all
initial forms are displayed, even if more than max_num. (But if validate_max is
True, submitting these forms will result in a "too many forms" validation
error!) This combination of behaviors was chosen to keep the max_num validation
simple and consistent, and avoid silent data loss due to truncation of initial
data.
Thanks to Preston for discussion of the design choices.
2013-03-21 14:27:06 +08:00
|
|
|
# return absolute_max if it is lower than the actual total form
|
|
|
|
# count in the data; this is DoS protection to prevent clients
|
|
|
|
# from forcing the server to instantiate arbitrary numbers of
|
|
|
|
# forms
|
|
|
|
return min(self.management_form.cleaned_data[TOTAL_FORM_COUNT], self.absolute_max)
|
2009-03-30 23:58:52 +08:00
|
|
|
else:
|
2010-03-28 07:03:56 +08:00
|
|
|
initial_forms = self.initial_form_count()
|
|
|
|
total_forms = initial_forms + self.extra
|
|
|
|
# Allow all existing related objects/inlines to be displayed,
|
|
|
|
# but don't allow extra beyond max_num.
|
2013-02-12 18:22:41 +08:00
|
|
|
if initial_forms > self.max_num >= 0:
|
|
|
|
total_forms = initial_forms
|
|
|
|
elif total_forms > self.max_num >= 0:
|
|
|
|
total_forms = self.max_num
|
2009-03-30 23:58:52 +08:00
|
|
|
return total_forms
|
|
|
|
|
|
|
|
def initial_form_count(self):
|
|
|
|
"""Returns the number of forms that are required in this FormSet."""
|
2010-11-22 01:27:01 +08:00
|
|
|
if self.is_bound:
|
2009-03-30 23:58:52 +08:00
|
|
|
return self.management_form.cleaned_data[INITIAL_FORM_COUNT]
|
|
|
|
else:
|
2013-03-29 01:16:53 +08:00
|
|
|
# Use the length of the initial data if it's there, 0 otherwise.
|
2013-05-17 22:33:36 +08:00
|
|
|
initial_forms = len(self.initial) if self.initial else 0
|
2009-03-30 23:58:52 +08:00
|
|
|
return initial_forms
|
|
|
|
|
2013-06-22 15:25:14 +08:00
|
|
|
@cached_property
|
|
|
|
def forms(self):
|
|
|
|
"""
|
|
|
|
Instantiate forms at first property access.
|
|
|
|
"""
|
Fixed #20084 -- Provided option to validate formset max_num on server.
This is provided as a new "validate_max" formset_factory option defaulting to
False, since the non-validating behavior of max_num is longstanding, and there
is certainly code relying on it. (In fact, even the Django admin relies on it
for the case where there are more existing inlines than the given max_num). It
may be that at some point we want to deprecate validate_max=False and
eventually remove the option, but this commit takes no steps in that direction.
This also fixes the DoS-prevention absolute_max enforcement so that it causes a
form validation error rather than an IndexError, and ensures that absolute_max
is always 1000 more than max_num, to prevent surprising changes in behavior
with max_num close to absolute_max.
Lastly, this commit fixes the previous inconsistency between a regular formset
and a model formset in the precedence of max_num and initial data. Previously
in a regular formset, if the provided initial data was longer than max_num, it
was truncated; in a model formset, all initial forms would be displayed
regardless of max_num. Now regular formsets are the same as model formsets; all
initial forms are displayed, even if more than max_num. (But if validate_max is
True, submitting these forms will result in a "too many forms" validation
error!) This combination of behaviors was chosen to keep the max_num validation
simple and consistent, and avoid silent data loss due to truncation of initial
data.
Thanks to Preston for discussion of the design choices.
2013-03-21 14:27:06 +08:00
|
|
|
# DoS protection is included in total_form_count()
|
2013-06-22 15:25:14 +08:00
|
|
|
forms = [self._construct_form(i) for i in xrange(self.total_form_count())]
|
|
|
|
return forms
|
2009-03-10 19:19:26 +08:00
|
|
|
|
2008-07-19 07:54:34 +08:00
|
|
|
def _construct_form(self, i, **kwargs):
|
|
|
|
"""
|
|
|
|
Instantiates and returns the i-th form instance in a formset.
|
|
|
|
"""
|
2012-10-04 21:24:23 +08:00
|
|
|
defaults = {
|
|
|
|
'auto_id': self.auto_id,
|
|
|
|
'prefix': self.add_prefix(i),
|
|
|
|
'error_class': self.error_class,
|
|
|
|
}
|
2010-11-22 01:27:01 +08:00
|
|
|
if self.is_bound:
|
2008-07-19 07:54:34 +08:00
|
|
|
defaults['data'] = self.data
|
|
|
|
defaults['files'] = self.files
|
2012-01-15 09:36:14 +08:00
|
|
|
if self.initial and not 'initial' in kwargs:
|
2008-07-19 07:54:34 +08:00
|
|
|
try:
|
|
|
|
defaults['initial'] = self.initial[i]
|
|
|
|
except IndexError:
|
|
|
|
pass
|
|
|
|
# Allow extra forms to be empty.
|
2009-03-30 23:58:52 +08:00
|
|
|
if i >= self.initial_form_count():
|
2008-07-19 07:54:34 +08:00
|
|
|
defaults['empty_permitted'] = True
|
|
|
|
defaults.update(kwargs)
|
|
|
|
form = self.form(**defaults)
|
|
|
|
self.add_fields(form, i)
|
|
|
|
return form
|
|
|
|
|
2012-09-07 05:07:14 +08:00
|
|
|
@property
|
|
|
|
def initial_forms(self):
|
2009-03-30 23:58:52 +08:00
|
|
|
"""Return a list of all the initial forms in this formset."""
|
|
|
|
return self.forms[:self.initial_form_count()]
|
2008-07-19 07:54:34 +08:00
|
|
|
|
2012-09-07 05:07:14 +08:00
|
|
|
@property
|
|
|
|
def extra_forms(self):
|
2008-07-19 07:54:34 +08:00
|
|
|
"""Return a list of all the extra forms in this formset."""
|
2009-03-30 23:58:52 +08:00
|
|
|
return self.forms[self.initial_form_count():]
|
2008-07-19 07:54:34 +08:00
|
|
|
|
2012-09-07 05:07:14 +08:00
|
|
|
@property
|
2013-01-02 03:50:13 +08:00
|
|
|
def empty_form(self):
|
|
|
|
form = self.form(
|
|
|
|
auto_id=self.auto_id,
|
|
|
|
prefix=self.add_prefix('__prefix__'),
|
|
|
|
empty_permitted=True,
|
|
|
|
)
|
2010-01-26 23:02:53 +08:00
|
|
|
self.add_fields(form, None)
|
|
|
|
return form
|
|
|
|
|
2012-09-07 05:07:14 +08:00
|
|
|
@property
|
|
|
|
def cleaned_data(self):
|
2008-07-19 07:54:34 +08:00
|
|
|
"""
|
|
|
|
Returns a list of form.cleaned_data dicts for every form in self.forms.
|
|
|
|
"""
|
|
|
|
if not self.is_valid():
|
|
|
|
raise AttributeError("'%s' object has no attribute 'cleaned_data'" % self.__class__.__name__)
|
|
|
|
return [form.cleaned_data for form in self.forms]
|
|
|
|
|
2012-09-07 05:07:14 +08:00
|
|
|
@property
|
|
|
|
def deleted_forms(self):
|
2008-07-19 07:54:34 +08:00
|
|
|
"""
|
2013-02-09 04:30:06 +08:00
|
|
|
Returns a list of forms that have been marked for deletion.
|
2008-07-19 07:54:34 +08:00
|
|
|
"""
|
|
|
|
if not self.is_valid() or not self.can_delete:
|
2013-02-09 04:30:06 +08:00
|
|
|
return []
|
2008-07-19 07:54:34 +08:00
|
|
|
# construct _deleted_form_indexes which is just a list of form indexes
|
|
|
|
# that have had their deletion widget set to True
|
|
|
|
if not hasattr(self, '_deleted_form_indexes'):
|
|
|
|
self._deleted_form_indexes = []
|
2009-03-30 23:58:52 +08:00
|
|
|
for i in range(0, self.total_form_count()):
|
2008-07-19 07:54:34 +08:00
|
|
|
form = self.forms[i]
|
|
|
|
# if this is an extra form and hasn't changed, don't consider it
|
2009-03-30 23:58:52 +08:00
|
|
|
if i >= self.initial_form_count() and not form.has_changed():
|
2008-07-19 07:54:34 +08:00
|
|
|
continue
|
2010-03-12 23:51:00 +08:00
|
|
|
if self._should_delete_form(form):
|
2008-07-19 07:54:34 +08:00
|
|
|
self._deleted_form_indexes.append(i)
|
|
|
|
return [self.forms[i] for i in self._deleted_form_indexes]
|
|
|
|
|
2012-09-07 05:07:14 +08:00
|
|
|
@property
|
|
|
|
def ordered_forms(self):
|
2008-07-19 07:54:34 +08:00
|
|
|
"""
|
|
|
|
Returns a list of form in the order specified by the incoming data.
|
2009-03-31 03:36:19 +08:00
|
|
|
Raises an AttributeError if ordering is not allowed.
|
2008-07-19 07:54:34 +08:00
|
|
|
"""
|
|
|
|
if not self.is_valid() or not self.can_order:
|
|
|
|
raise AttributeError("'%s' object has no attribute 'ordered_forms'" % self.__class__.__name__)
|
|
|
|
# Construct _ordering, which is a list of (form_index, order_field_value)
|
|
|
|
# tuples. After constructing this list, we'll sort it by order_field_value
|
|
|
|
# so we have a way to get to the form indexes in the order specified
|
|
|
|
# by the form data.
|
|
|
|
if not hasattr(self, '_ordering'):
|
|
|
|
self._ordering = []
|
2009-03-30 23:58:52 +08:00
|
|
|
for i in range(0, self.total_form_count()):
|
2008-07-19 07:54:34 +08:00
|
|
|
form = self.forms[i]
|
|
|
|
# if this is an extra form and hasn't changed, don't consider it
|
2009-03-30 23:58:52 +08:00
|
|
|
if i >= self.initial_form_count() and not form.has_changed():
|
2008-07-19 07:54:34 +08:00
|
|
|
continue
|
|
|
|
# don't add data marked for deletion to self.ordered_data
|
2010-03-12 23:51:00 +08:00
|
|
|
if self.can_delete and self._should_delete_form(form):
|
2008-07-19 07:54:34 +08:00
|
|
|
continue
|
|
|
|
self._ordering.append((i, form.cleaned_data[ORDERING_FIELD_NAME]))
|
|
|
|
# After we're done populating self._ordering, sort it.
|
2009-04-28 22:17:18 +08:00
|
|
|
# A sort function to order things numerically ascending, but
|
|
|
|
# None should be sorted below anything else. Allowing None as
|
|
|
|
# a comparison value makes it so we can leave ordering fields
|
2010-08-07 00:31:44 +08:00
|
|
|
# blank.
|
|
|
|
def compare_ordering_key(k):
|
|
|
|
if k[1] is None:
|
|
|
|
return (1, 0) # +infinity, larger than any number
|
|
|
|
return (0, k[1])
|
|
|
|
self._ordering.sort(key=compare_ordering_key)
|
2011-08-12 22:14:15 +08:00
|
|
|
# Return a list of form.cleaned_data dicts in the order specified by
|
2008-07-19 07:54:34 +08:00
|
|
|
# the form data.
|
|
|
|
return [self.forms[i[0]] for i in self._ordering]
|
|
|
|
|
2011-05-02 00:46:02 +08:00
|
|
|
@classmethod
|
2009-03-10 19:19:26 +08:00
|
|
|
def get_default_prefix(cls):
|
|
|
|
return 'form'
|
|
|
|
|
2008-07-19 07:54:34 +08:00
|
|
|
def non_form_errors(self):
|
|
|
|
"""
|
|
|
|
Returns an ErrorList of errors that aren't associated with a particular
|
|
|
|
form -- i.e., from formset.clean(). Returns an empty ErrorList if there
|
|
|
|
are none.
|
|
|
|
"""
|
2013-05-18 19:44:27 +08:00
|
|
|
if self._non_form_errors is None:
|
|
|
|
self.full_clean()
|
|
|
|
return self._non_form_errors
|
2008-07-19 07:54:34 +08:00
|
|
|
|
2012-09-07 05:07:14 +08:00
|
|
|
@property
|
|
|
|
def errors(self):
|
2008-07-19 07:54:34 +08:00
|
|
|
"""
|
|
|
|
Returns a list of form.errors for every form in self.forms.
|
|
|
|
"""
|
|
|
|
if self._errors is None:
|
|
|
|
self.full_clean()
|
|
|
|
return self._errors
|
|
|
|
|
2013-06-16 04:34:25 +08:00
|
|
|
def total_error_count(self):
|
|
|
|
"""
|
|
|
|
Returns the number of errors across all forms in the formset.
|
|
|
|
"""
|
|
|
|
return len(self.non_form_errors()) +\
|
|
|
|
sum(len(form_errors) for form_errors in self.errors)
|
|
|
|
|
2010-03-12 23:51:00 +08:00
|
|
|
def _should_delete_form(self, form):
|
2012-08-30 21:51:13 +08:00
|
|
|
"""
|
|
|
|
Returns whether or not the form was marked for deletion.
|
|
|
|
"""
|
|
|
|
return form.cleaned_data.get(DELETION_FIELD_NAME, False)
|
2010-03-12 23:51:00 +08:00
|
|
|
|
2008-07-19 07:54:34 +08:00
|
|
|
def is_valid(self):
|
|
|
|
"""
|
2012-12-07 03:00:56 +08:00
|
|
|
Returns True if every form in self.forms is valid.
|
2008-07-19 07:54:34 +08:00
|
|
|
"""
|
|
|
|
if not self.is_bound:
|
|
|
|
return False
|
|
|
|
# We loop over every form.errors here rather than short circuiting on the
|
|
|
|
# first failure to make sure validation gets triggered for every form.
|
|
|
|
forms_valid = True
|
2010-12-21 23:07:43 +08:00
|
|
|
err = self.errors
|
2009-03-31 03:36:19 +08:00
|
|
|
for i in range(0, self.total_form_count()):
|
|
|
|
form = self.forms[i]
|
|
|
|
if self.can_delete:
|
2010-03-12 23:51:00 +08:00
|
|
|
if self._should_delete_form(form):
|
2009-03-31 03:36:19 +08:00
|
|
|
# This form is going to be deleted so any of its errors
|
|
|
|
# should not cause the entire formset to be invalid.
|
|
|
|
continue
|
2012-12-07 03:00:56 +08:00
|
|
|
forms_valid &= form.is_valid()
|
2008-07-19 07:54:34 +08:00
|
|
|
return forms_valid and not bool(self.non_form_errors())
|
|
|
|
|
|
|
|
def full_clean(self):
|
|
|
|
"""
|
2013-05-18 19:44:27 +08:00
|
|
|
Cleans all of self.data and populates self._errors and
|
|
|
|
self._non_form_errors.
|
2008-07-19 07:54:34 +08:00
|
|
|
"""
|
|
|
|
self._errors = []
|
2013-05-18 19:44:27 +08:00
|
|
|
self._non_form_errors = self.error_class()
|
|
|
|
|
2008-07-19 07:54:34 +08:00
|
|
|
if not self.is_bound: # Stop further processing.
|
|
|
|
return
|
2009-03-30 23:58:52 +08:00
|
|
|
for i in range(0, self.total_form_count()):
|
2008-07-19 07:54:34 +08:00
|
|
|
form = self.forms[i]
|
|
|
|
self._errors.append(form.errors)
|
|
|
|
try:
|
2013-05-21 00:13:03 +08:00
|
|
|
if (self.validate_max and
|
|
|
|
self.total_form_count() - len(self.deleted_forms) > self.max_num) or \
|
Fixed #20084 -- Provided option to validate formset max_num on server.
This is provided as a new "validate_max" formset_factory option defaulting to
False, since the non-validating behavior of max_num is longstanding, and there
is certainly code relying on it. (In fact, even the Django admin relies on it
for the case where there are more existing inlines than the given max_num). It
may be that at some point we want to deprecate validate_max=False and
eventually remove the option, but this commit takes no steps in that direction.
This also fixes the DoS-prevention absolute_max enforcement so that it causes a
form validation error rather than an IndexError, and ensures that absolute_max
is always 1000 more than max_num, to prevent surprising changes in behavior
with max_num close to absolute_max.
Lastly, this commit fixes the previous inconsistency between a regular formset
and a model formset in the precedence of max_num and initial data. Previously
in a regular formset, if the provided initial data was longer than max_num, it
was truncated; in a model formset, all initial forms would be displayed
regardless of max_num. Now regular formsets are the same as model formsets; all
initial forms are displayed, even if more than max_num. (But if validate_max is
True, submitting these forms will result in a "too many forms" validation
error!) This combination of behaviors was chosen to keep the max_num validation
simple and consistent, and avoid silent data loss due to truncation of initial
data.
Thanks to Preston for discussion of the design choices.
2013-03-21 14:27:06 +08:00
|
|
|
self.management_form.cleaned_data[TOTAL_FORM_COUNT] > self.absolute_max:
|
2013-05-04 16:08:38 +08:00
|
|
|
raise ValidationError(ungettext(
|
|
|
|
"Please submit %d or fewer forms.",
|
2013-06-06 02:55:05 +08:00
|
|
|
"Please submit %d or fewer forms.", self.max_num) % self.max_num,
|
|
|
|
code='too_many_forms',
|
|
|
|
)
|
Fixed #20084 -- Provided option to validate formset max_num on server.
This is provided as a new "validate_max" formset_factory option defaulting to
False, since the non-validating behavior of max_num is longstanding, and there
is certainly code relying on it. (In fact, even the Django admin relies on it
for the case where there are more existing inlines than the given max_num). It
may be that at some point we want to deprecate validate_max=False and
eventually remove the option, but this commit takes no steps in that direction.
This also fixes the DoS-prevention absolute_max enforcement so that it causes a
form validation error rather than an IndexError, and ensures that absolute_max
is always 1000 more than max_num, to prevent surprising changes in behavior
with max_num close to absolute_max.
Lastly, this commit fixes the previous inconsistency between a regular formset
and a model formset in the precedence of max_num and initial data. Previously
in a regular formset, if the provided initial data was longer than max_num, it
was truncated; in a model formset, all initial forms would be displayed
regardless of max_num. Now regular formsets are the same as model formsets; all
initial forms are displayed, even if more than max_num. (But if validate_max is
True, submitting these forms will result in a "too many forms" validation
error!) This combination of behaviors was chosen to keep the max_num validation
simple and consistent, and avoid silent data loss due to truncation of initial
data.
Thanks to Preston for discussion of the design choices.
2013-03-21 14:27:06 +08:00
|
|
|
# Give self.clean() a chance to do cross-form validation.
|
2008-07-19 07:54:34 +08:00
|
|
|
self.clean()
|
2012-04-29 00:09:37 +08:00
|
|
|
except ValidationError as e:
|
2010-02-24 04:55:42 +08:00
|
|
|
self._non_form_errors = self.error_class(e.messages)
|
2008-07-19 07:54:34 +08:00
|
|
|
|
|
|
|
def clean(self):
|
|
|
|
"""
|
|
|
|
Hook for doing any extra formset-wide cleaning after Form.clean() has
|
|
|
|
been called on every form. Any ValidationError raised by this method
|
|
|
|
will not be associated with a particular form; it will be accesible
|
|
|
|
via formset.non_form_errors()
|
|
|
|
"""
|
|
|
|
pass
|
|
|
|
|
2011-09-10 10:42:05 +08:00
|
|
|
def has_changed(self):
|
|
|
|
"""
|
|
|
|
Returns true if data in any form differs from initial.
|
|
|
|
"""
|
|
|
|
return any(form.has_changed() for form in self)
|
|
|
|
|
2008-07-19 07:54:34 +08:00
|
|
|
def add_fields(self, form, index):
|
|
|
|
"""A hook for adding extra fields on to each form instance."""
|
|
|
|
if self.can_order:
|
|
|
|
# Only pre-fill the ordering field for initial forms.
|
2010-01-26 23:02:53 +08:00
|
|
|
if index is not None and index < self.initial_form_count():
|
2012-06-08 00:08:47 +08:00
|
|
|
form.fields[ORDERING_FIELD_NAME] = IntegerField(label=_('Order'), initial=index+1, required=False)
|
2008-07-19 07:54:34 +08:00
|
|
|
else:
|
2012-06-08 00:08:47 +08:00
|
|
|
form.fields[ORDERING_FIELD_NAME] = IntegerField(label=_('Order'), required=False)
|
2008-07-19 07:54:34 +08:00
|
|
|
if self.can_delete:
|
2012-06-08 00:08:47 +08:00
|
|
|
form.fields[DELETION_FIELD_NAME] = BooleanField(label=_('Delete'), required=False)
|
2008-07-19 07:54:34 +08:00
|
|
|
|
|
|
|
def add_prefix(self, index):
|
|
|
|
return '%s-%s' % (self.prefix, index)
|
|
|
|
|
|
|
|
def is_multipart(self):
|
|
|
|
"""
|
2011-10-19 04:28:52 +08:00
|
|
|
Returns True if the formset needs to be multipart, i.e. it
|
2008-07-19 07:54:34 +08:00
|
|
|
has FileInput. Otherwise, False.
|
|
|
|
"""
|
2013-01-03 22:13:51 +08:00
|
|
|
if self.forms:
|
|
|
|
return self.forms[0].is_multipart()
|
|
|
|
else:
|
|
|
|
return self.empty_form.is_multipart()
|
2008-07-19 07:54:34 +08:00
|
|
|
|
2012-09-07 05:07:14 +08:00
|
|
|
@property
|
|
|
|
def media(self):
|
2008-07-19 07:54:34 +08:00
|
|
|
# All the forms on a FormSet are the same, so you only need to
|
|
|
|
# interrogate the first form for media.
|
|
|
|
if self.forms:
|
|
|
|
return self.forms[0].media
|
|
|
|
else:
|
2013-01-03 22:13:51 +08:00
|
|
|
return self.empty_form.media
|
2008-07-19 07:54:34 +08:00
|
|
|
|
|
|
|
def as_table(self):
|
|
|
|
"Returns this formset rendered as HTML <tr>s -- excluding the <table></table>."
|
|
|
|
# XXX: there is no semantic division between forms here, there
|
|
|
|
# probably should be. It might make sense to render each form as a
|
|
|
|
# table row with each field as a td.
|
2013-08-30 07:20:00 +08:00
|
|
|
forms = ' '.join(form.as_table() for form in self)
|
2012-07-20 20:48:51 +08:00
|
|
|
return mark_safe('\n'.join([six.text_type(self.management_form), forms]))
|
2008-07-19 07:54:34 +08:00
|
|
|
|
2010-10-18 12:44:49 +08:00
|
|
|
def as_p(self):
|
|
|
|
"Returns this formset rendered as HTML <p>s."
|
2013-08-30 07:20:00 +08:00
|
|
|
forms = ' '.join(form.as_p() for form in self)
|
2012-07-20 20:48:51 +08:00
|
|
|
return mark_safe('\n'.join([six.text_type(self.management_form), forms]))
|
2010-10-18 12:44:49 +08:00
|
|
|
|
|
|
|
def as_ul(self):
|
|
|
|
"Returns this formset rendered as HTML <li>s."
|
2013-08-30 07:20:00 +08:00
|
|
|
forms = ' '.join(form.as_ul() for form in self)
|
2012-07-20 20:48:51 +08:00
|
|
|
return mark_safe('\n'.join([six.text_type(self.management_form), forms]))
|
2010-10-18 12:44:49 +08:00
|
|
|
|
2008-07-19 07:54:34 +08:00
|
|
|
def formset_factory(form, formset=BaseFormSet, extra=1, can_order=False,
|
Fixed #20084 -- Provided option to validate formset max_num on server.
This is provided as a new "validate_max" formset_factory option defaulting to
False, since the non-validating behavior of max_num is longstanding, and there
is certainly code relying on it. (In fact, even the Django admin relies on it
for the case where there are more existing inlines than the given max_num). It
may be that at some point we want to deprecate validate_max=False and
eventually remove the option, but this commit takes no steps in that direction.
This also fixes the DoS-prevention absolute_max enforcement so that it causes a
form validation error rather than an IndexError, and ensures that absolute_max
is always 1000 more than max_num, to prevent surprising changes in behavior
with max_num close to absolute_max.
Lastly, this commit fixes the previous inconsistency between a regular formset
and a model formset in the precedence of max_num and initial data. Previously
in a regular formset, if the provided initial data was longer than max_num, it
was truncated; in a model formset, all initial forms would be displayed
regardless of max_num. Now regular formsets are the same as model formsets; all
initial forms are displayed, even if more than max_num. (But if validate_max is
True, submitting these forms will result in a "too many forms" validation
error!) This combination of behaviors was chosen to keep the max_num validation
simple and consistent, and avoid silent data loss due to truncation of initial
data.
Thanks to Preston for discussion of the design choices.
2013-03-21 14:27:06 +08:00
|
|
|
can_delete=False, max_num=None, validate_max=False):
|
2008-07-19 07:54:34 +08:00
|
|
|
"""Return a FormSet for the given form class."""
|
2013-02-12 18:22:41 +08:00
|
|
|
if max_num is None:
|
|
|
|
max_num = DEFAULT_MAX_NUM
|
|
|
|
# hard limit on forms instantiated, to prevent memory-exhaustion attacks
|
Fixed #20084 -- Provided option to validate formset max_num on server.
This is provided as a new "validate_max" formset_factory option defaulting to
False, since the non-validating behavior of max_num is longstanding, and there
is certainly code relying on it. (In fact, even the Django admin relies on it
for the case where there are more existing inlines than the given max_num). It
may be that at some point we want to deprecate validate_max=False and
eventually remove the option, but this commit takes no steps in that direction.
This also fixes the DoS-prevention absolute_max enforcement so that it causes a
form validation error rather than an IndexError, and ensures that absolute_max
is always 1000 more than max_num, to prevent surprising changes in behavior
with max_num close to absolute_max.
Lastly, this commit fixes the previous inconsistency between a regular formset
and a model formset in the precedence of max_num and initial data. Previously
in a regular formset, if the provided initial data was longer than max_num, it
was truncated; in a model formset, all initial forms would be displayed
regardless of max_num. Now regular formsets are the same as model formsets; all
initial forms are displayed, even if more than max_num. (But if validate_max is
True, submitting these forms will result in a "too many forms" validation
error!) This combination of behaviors was chosen to keep the max_num validation
simple and consistent, and avoid silent data loss due to truncation of initial
data.
Thanks to Preston for discussion of the design choices.
2013-03-21 14:27:06 +08:00
|
|
|
# limit is simply max_num + DEFAULT_MAX_NUM (which is 2*DEFAULT_MAX_NUM
|
|
|
|
# if max_num is None in the first place)
|
|
|
|
absolute_max = max_num + DEFAULT_MAX_NUM
|
2008-07-19 07:54:34 +08:00
|
|
|
attrs = {'form': form, 'extra': extra,
|
|
|
|
'can_order': can_order, 'can_delete': can_delete,
|
Fixed #20084 -- Provided option to validate formset max_num on server.
This is provided as a new "validate_max" formset_factory option defaulting to
False, since the non-validating behavior of max_num is longstanding, and there
is certainly code relying on it. (In fact, even the Django admin relies on it
for the case where there are more existing inlines than the given max_num). It
may be that at some point we want to deprecate validate_max=False and
eventually remove the option, but this commit takes no steps in that direction.
This also fixes the DoS-prevention absolute_max enforcement so that it causes a
form validation error rather than an IndexError, and ensures that absolute_max
is always 1000 more than max_num, to prevent surprising changes in behavior
with max_num close to absolute_max.
Lastly, this commit fixes the previous inconsistency between a regular formset
and a model formset in the precedence of max_num and initial data. Previously
in a regular formset, if the provided initial data was longer than max_num, it
was truncated; in a model formset, all initial forms would be displayed
regardless of max_num. Now regular formsets are the same as model formsets; all
initial forms are displayed, even if more than max_num. (But if validate_max is
True, submitting these forms will result in a "too many forms" validation
error!) This combination of behaviors was chosen to keep the max_num validation
simple and consistent, and avoid silent data loss due to truncation of initial
data.
Thanks to Preston for discussion of the design choices.
2013-03-21 14:27:06 +08:00
|
|
|
'max_num': max_num, 'absolute_max': absolute_max,
|
|
|
|
'validate_max' : validate_max}
|
2012-08-03 21:18:13 +08:00
|
|
|
return type(form.__name__ + str('FormSet'), (formset,), attrs)
|
2008-07-19 07:54:34 +08:00
|
|
|
|
|
|
|
def all_valid(formsets):
|
|
|
|
"""Returns true if every formset in formsets is valid."""
|
|
|
|
valid = True
|
|
|
|
for formset in formsets:
|
|
|
|
if not formset.is_valid():
|
|
|
|
valid = False
|
|
|
|
return valid
|