{{ last_updated }}
+ {%- endif %} +Your username and password didn't match. Please try again.
- {% endif %} - - - - {% endblock %} - -.. _forms documentation: ../forms/ -.. _site framework docs: ../sites/ - -Other built-in views --------------------- - -In addition to the ``login`` view, the authentication system includes a -few other useful built-in views: - -``django.contrib.auth.views.logout`` -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -**Description:** - -Logs a user out. - -**Optional arguments:** - - * ``template_name``: The full name of a template to display after - logging the user out. This will default to - ``registration/logged_out.html`` if no argument is supplied. - -**Template context:** - - * ``title``: The string "Logged out", localized. - -``django.contrib.auth.views.logout_then_login`` -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -**Description:** - -Logs a user out, then redirects to the login page. - -**Optional arguments:** - - * ``login_url``: The URL of the login page to redirect to. This - will default to ``settings.LOGIN_URL`` if not supplied. - -``django.contrib.auth.views.password_change`` -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -**Description:** - -Allows a user to change their password. - -**Optional arguments:** - - * ``template_name``: The full name of a template to use for - displaying the password change form. This will default to - ``registration/password_change_form.html`` if not supplied. - -**Template context:** - - * ``form``: The password change form. - -``django.contrib.auth.views.password_change_done`` -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -**Description:** - -The page shown after a user has changed their password. - -**Optional arguments:** - - * ``template_name``: The full name of a template to use. This will - default to ``registration/password_change_done.html`` if not - supplied. - -``django.contrib.auth.views.password_reset`` -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -**Description:** - -Allows a user to reset their password, and sends them the new password -in an e-mail. - -**Optional arguments:** - - * ``template_name``: The full name of a template to use for - displaying the password reset form. This will default to - ``registration/password_reset_form.html`` if not supplied. - - * ``email_template_name``: The full name of a template to use for - generating the e-mail with the new password. This will default to - ``registration/password_reset_email.html`` if not supplied. - -**Template context:** - - * ``form``: The form for resetting the user's password. - -``django.contrib.auth.views.password_reset_done`` -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -**Description:** - -The page shown after a user has reset their password. - -**Optional arguments:** - - * ``template_name``: The full name of a template to use. This will - default to ``registration/password_reset_done.html`` if not - supplied. - -``django.contrib.auth.views.redirect_to_login`` -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -**Description:** - -Redirects to the login page, and then back to another URL after a -successful login. - -**Required arguments:** - - * ``next``: The URL to redirect to after a successful login. - -**Optional arguments:** - - * ``login_url``: The URL of the login page to redirect to. This - will default to ``settings.LOGIN_URL`` if not supplied. - -Built-in forms --------------- - -**New in Django development version.** - -If you don't want to use the built-in views, but want the convenience -of not having to write forms for this functionality, the authentication -system provides several built-in forms: - - * ``django.contrib.auth.forms.AdminPasswordChangeForm``: A form used in - the admin interface to change a user's password. - - * ``django.contrib.auth.forms.AuthenticationForm``: A form for logging a - user in. - - * ``django.contrib.auth.forms.PasswordChangeForm``: A form for allowing a - user to change their password. - - * ``django.contrib.auth.forms.PasswordResetForm``: A form for resetting a - user's password and e-mailing the new password to them. - - * ``django.contrib.auth.forms.UserCreationForm``: A form for creating a - new user. - -Limiting access to logged-in users that pass a test ---------------------------------------------------- - -To limit access based on certain permissions or some other test, you'd do -essentially the same thing as described in the previous section. - -The simple way is to run your test on ``request.user`` in the view directly. -For example, this view checks to make sure the user is logged in and has the -permission ``polls.can_vote``:: - - def my_view(request): - if not (request.user.is_authenticated() and request.user.has_perm('polls.can_vote')): - return HttpResponse("You can't vote in this poll.") - # ... - -As a shortcut, you can use the convenient ``user_passes_test`` decorator:: - - from django.contrib.auth.decorators import user_passes_test - - def my_view(request): - # ... - my_view = user_passes_test(lambda u: u.has_perm('polls.can_vote'))(my_view) - -We're using this particular test as a relatively simple example. However, if -you just want to test whether a permission is available to a user, you can use -the ``permission_required()`` decorator, described later in this document. - -Here's the same thing, using Python 2.4's decorator syntax:: - - from django.contrib.auth.decorators import user_passes_test - - @user_passes_test(lambda u: u.has_perm('polls.can_vote')) - def my_view(request): - # ... - -``user_passes_test`` takes a required argument: a callable that takes a -``User`` object and returns ``True`` if the user is allowed to view the page. -Note that ``user_passes_test`` does not automatically check that the ``User`` -is not anonymous. - -``user_passes_test()`` takes an optional ``login_url`` argument, which lets you -specify the URL for your login page (``settings.LOGIN_URL`` by default). - -Example in Python 2.3 syntax:: - - from django.contrib.auth.decorators import user_passes_test - - def my_view(request): - # ... - my_view = user_passes_test(lambda u: u.has_perm('polls.can_vote'), login_url='/login/')(my_view) - -Example in Python 2.4 syntax:: - - from django.contrib.auth.decorators import user_passes_test - - @user_passes_test(lambda u: u.has_perm('polls.can_vote'), login_url='/login/') - def my_view(request): - # ... - -The permission_required decorator -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -It's a relatively common task to check whether a user has a particular -permission. For that reason, Django provides a shortcut for that case: the -``permission_required()`` decorator. Using this decorator, the earlier example -can be written as:: - - from django.contrib.auth.decorators import permission_required - - def my_view(request): - # ... - my_view = permission_required('polls.can_vote')(my_view) - -Note that ``permission_required()`` also takes an optional ``login_url`` -parameter. Example:: - - from django.contrib.auth.decorators import permission_required - - def my_view(request): - # ... - my_view = permission_required('polls.can_vote', login_url='/loginpage/')(my_view) - -As in the ``login_required`` decorator, ``login_url`` defaults to -``settings.LOGIN_URL``. - -Limiting access to generic views --------------------------------- - -To limit access to a `generic view`_, write a thin wrapper around the view, -and point your URLconf to your wrapper instead of the generic view itself. -For example:: - - from django.views.generic.date_based import object_detail - - @login_required - def limited_object_detail(*args, **kwargs): - return object_detail(*args, **kwargs) - -.. _generic view: ../generic_views/ - -Permissions -=========== - -Django comes with a simple permissions system. It provides a way to assign -permissions to specific users and groups of users. - -It's used by the Django admin site, but you're welcome to use it in your own -code. - -The Django admin site uses permissions as follows: - - * Access to view the "add" form and add an object is limited to users with - the "add" permission for that type of object. - * Access to view the change list, view the "change" form and change an - object is limited to users with the "change" permission for that type of - object. - * Access to delete an object is limited to users with the "delete" - permission for that type of object. - -Permissions are set globally per type of object, not per specific object -instance. For example, it's possible to say "Mary may change news stories," but -it's not currently possible to say "Mary may change news stories, but only the -ones she created herself" or "Mary may only change news stories that have a -certain status, publication date or ID." The latter functionality is something -Django developers are currently discussing. - -Default permissions -------------------- - -When ``django.contrib.auth`` is listed in your ``INSTALLED_APPS`` -setting, it will ensure that three default permissions -- add, change -and delete -- are created for each Django model defined in one of your -installed applications. - -These permissions will be created when you run ``manage.py syncdb``; -the first time you run ``syncdb`` after adding ``django.contrib.auth`` -to ``INSTALLED_APPS``, the default permissions will be created for all -previously-installed models, as well as for any new models being -installed at that time. Afterward, it will create default permissions -for new models each time you run ``manage.py syncdb``. - -Custom permissions ------------------- - -To create custom permissions for a given model object, use the ``permissions`` -`model Meta attribute`_. - -This example model creates three custom permissions:: - - class USCitizen(models.Model): - # ... - class Meta: - permissions = ( - ("can_drive", "Can drive"), - ("can_vote", "Can vote in elections"), - ("can_drink", "Can drink alcohol"), - ) - -The only thing this does is create those extra permissions when you run -``syncdb``. - -.. _model Meta attribute: ../model-api/#meta-options - -API reference -------------- - -Just like users, permissions are implemented in a Django model that lives in -`django/contrib/auth/models.py`_. - -.. _django/contrib/auth/models.py: http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py - -Fields -~~~~~~ - -``Permission`` objects have the following fields: - - * ``name`` -- Required. 50 characters or fewer. Example: ``'Can vote'``. - * ``content_type`` -- Required. A reference to the ``django_content_type`` - database table, which contains a record for each installed Django model. - * ``codename`` -- Required. 100 characters or fewer. Example: ``'can_vote'``. - -Methods -~~~~~~~ - -``Permission`` objects have the standard data-access methods like any other -`Django model`_. - -Authentication data in templates -================================ - -The currently logged-in user and his/her permissions are made available in the -`template context`_ when you use ``RequestContext``. - -.. admonition:: Technicality - - Technically, these variables are only made available in the template context - if you use ``RequestContext`` *and* your ``TEMPLATE_CONTEXT_PROCESSORS`` - setting contains ``"django.core.context_processors.auth"``, which is default. - For more, see the `RequestContext docs`_. - - .. _RequestContext docs: ../templates_python/#subclassing-context-requestcontext - -Users ------ - -The currently logged-in user, either a ``User`` instance or an``AnonymousUser`` -instance, is stored in the template variable ``{{ user }}``:: - - {% if user.is_authenticated %} -Welcome, {{ user.username }}. Thanks for logging in.
- {% else %} -Welcome, new user. Please log in.
- {% endif %} - -Permissions ------------ - -The currently logged-in user's permissions are stored in the template variable -``{{ perms }}``. This is an instance of ``django.core.context_processors.PermWrapper``, -which is a template-friendly proxy of permissions. - -In the ``{{ perms }}`` object, single-attribute lookup is a proxy to -``User.has_module_perms``. This example would display ``True`` if the logged-in -user had any permissions in the ``foo`` app:: - - {{ perms.foo }} - -Two-level-attribute lookup is a proxy to ``User.has_perm``. This example would -display ``True`` if the logged-in user had the permission ``foo.can_vote``:: - - {{ perms.foo.can_vote }} - -Thus, you can check permissions in template ``{% if %}`` statements:: - - {% if perms.foo %} -You have permission to do something in the foo app.
- {% if perms.foo.can_vote %} -You can vote!
- {% endif %} - {% if perms.foo.can_drive %} -You can drive!
- {% endif %} - {% else %} -You don't have permission to do anything in the foo app.
- {% endif %} - -.. _template context: ../templates_python/ - -Groups -====== - -Groups are a generic way of categorizing users so you can apply permissions, or -some other label, to those users. A user can belong to any number of groups. - -A user in a group automatically has the permissions granted to that group. For -example, if the group ``Site editors`` has the permission -``can_edit_home_page``, any user in that group will have that permission. - -Beyond permissions, groups are a convenient way to categorize users to give -them some label, or extended functionality. For example, you could create a -group ``'Special users'``, and you could write code that could, say, give them -access to a members-only portion of your site, or send them members-only e-mail -messages. - -Messages -======== - -The message system is a lightweight way to queue messages for given users. - -A message is associated with a ``User``. There's no concept of expiration or -timestamps. - -Messages are used by the Django admin after successful actions. For example, -``"The poll Foo was created successfully."`` is a message. - -The API is simple: - - * To create a new message, use - ``user_obj.message_set.create(message='message_text')``. - * To retrieve/delete messages, use ``user_obj.get_and_delete_messages()``, - which returns a list of ``Message`` objects in the user's queue (if any) - and deletes the messages from the queue. - -In this example view, the system saves a message for the user after creating -a playlist:: - - def create_playlist(request, songs): - # Create the playlist with the given songs. - # ... - request.user.message_set.create(message="Your playlist was added successfully.") - return render_to_response("playlists/create.html", - context_instance=RequestContext(request)) - -When you use ``RequestContext``, the currently logged-in user and his/her -messages are made available in the `template context`_ as the template variable -``{{ messages }}``. Here's an example of template code that displays messages:: - - {% if messages %} -The time is {% current_time "%Y-%m-%d %I:%M %p" %}.
@@ -1064,7 +496,9 @@ content (a template variable) to a template tag as an argument. While the previous examples have formatted the current time into a string and returned the string, suppose you wanted to pass in a ``DateTimeField`` from an -object and have the template tag format that date-time:: +object and have the template tag format that date-time: + +.. code-block:: html+djangoThis post was last updated at {% format_time blog_entry.date_updated "%Y-%m-%d %I:%M %p" %}.
@@ -1174,7 +608,7 @@ In Python 2.4, the decorator syntax also works:: A couple of things to note about the ``simple_tag`` helper function: - * Checking for the required number of arguments, etc, has already been + * Checking for the required number of arguments, etc., has already been done by the time our function is called, so we don't need to do that. * The quotes around the argument (if any) have already been stripped away, so we just receive a plain string. @@ -1200,11 +634,15 @@ These sorts of tags are called "inclusion tags". Writing inclusion tags is probably best demonstrated by example. Let's write a tag that outputs a list of choices for a given ``Poll`` object, such as was -created in the tutorials_. We'll use the tag like this:: +created in the :ref:`tutorialsThe time is {{ current_time }}.
@@ -1322,7 +766,9 @@ But, there's a problem with ``CurrentTimeNode2``: The variable name template doesn't use ``{{ current_time }}`` anywhere else, because the ``{% current_time %}`` will blindly overwrite that variable's value. A cleaner solution is to make the template tag specify the name of the output variable, -like so:: +like so: + +.. code-block:: html+django {% get_current_time "%Y-%M-%d %I:%M %p" as my_current_time %}The current time is {{ my_current_time }}.
@@ -1402,7 +848,9 @@ possible to do something with the code between block tags. For example, here's a custom template tag, ``{% upper %}``, that capitalizes everything between itself and ``{% endupper %}``. -Usage:: +Usage: + +.. code-block:: html+django {% upper %}This will appear in uppercase, {{ your_name }}.{% endupper %} @@ -1427,37 +875,3 @@ The only new concept here is the ``self.nodelist.render(context)`` in For more examples of complex rendering, see the source code for ``{% if %}``, ``{% for %}``, ``{% ifequal %}`` and ``{% ifchanged %}``. They live in ``django/template/defaulttags.py``. - -.. _configuration: - -Configuring the template system in standalone mode -================================================== - -.. note:: - - This section is only of interest to people trying to use the template - system as an output component in another application. If you're using the - template system as part of a Django application, nothing here applies to - you. - -Normally, Django will load all the configuration information it needs from its -own default configuration file, combined with the settings in the module given -in the ``DJANGO_SETTINGS_MODULE`` environment variable. But if you're using the -template system independently of the rest of Django, the environment variable -approach isn't very convenient, because you probably want to configure the -template system in line with the rest of your application rather than dealing -with settings files and pointing to them via environment variables. - -To solve this problem, you need to use the manual configuration option -described in the `settings file`_ documentation. Simply import the appropriate -pieces of the templating system and then, *before* you call any of the -templating functions, call ``django.conf.settings.configure()`` with any -settings you wish to specify. You might want to consider setting at least -``TEMPLATE_DIRS`` (if you're going to use template loaders), -``DEFAULT_CHARSET`` (although the default of ``utf-8`` is probably fine) and -``TEMPLATE_DEBUG``. All available settings are described in the -`settings documentation`_, and any setting starting with *TEMPLATE_* -is of obvious interest. - -.. _settings file: ../settings/#using-settings-without-the-django-settings-module-environment-variable -.. _settings documentation: ../settings/ diff --git a/docs/fastcgi.txt b/docs/howto/deployment/fastcgi.txt similarity index 86% rename from docs/fastcgi.txt rename to docs/howto/deployment/fastcgi.txt index edd4c8a83d..f9f9a8184a 100644 --- a/docs/fastcgi.txt +++ b/docs/howto/deployment/fastcgi.txt @@ -1,17 +1,22 @@ +.. _howto-deployment-fastcgi: + =========================================== How to use Django with FastCGI, SCGI or AJP =========================================== -Although the `current preferred setup`_ for running Django is Apache_ with -`mod_python`_, many people use shared hosting, on which protocols such as -FastCGI, SCGI or AJP are the only viable options. In some setups, these protocols -also allow better security -- and, possibly, better performance -- than mod_python. +.. highlight:: bash + +Although the current preferred setup for running Django is :ref:`Apache with +mod_python