« Previous | Next » 

Revision 98b84806


Added by Kostas Papadimitriou about 11 years ago

Prevent changes of readonly user profile fields

some user profile properties require special actions to be performed by
the user in order to be altered. Additional workflows are provided for
these properties to be changed (e.g. email verification urls/views for
user to change his email address) and thus should be considered
immutable by the user profile form.

Setting the readonly attribute on those field widgets is not enough
since it only takes care of their immutability on the client/presentation
layer and does not ensure that the corresponding profile attribute won't
be overridden if found in the POST dictionary passed during the form

To fix this we override the respective clean_<field> methods and force
them to return the currently stored value regardless if the user
requested to change it (e.g. with a handcrafted POST request).



  • added
  • modified
  • copied
  • renamed
  • deleted

View differences