Another Method: Comments for Authenticated Users

Fri 21 November 2008 by Thejaswi Puthraya

Another Method: Comments for Authenticated Users

In my previous post, I got a comment from Joshua Works who gave an interesting suggestion of not constructing fields for the name, email and url in the form as opposed to my method of using javascript to populate them. Each method has it's use cases and I like both of them.

So how do we get this method done?

In the photo_gallery_detail.html, make the following changes.

  • Replace the render_comment_form tag with the get_comment_form and contruct the form for all the fields you require.
{% get_comment_form for object as form %}
<form action="{% comment_form_target %}" method="POST">
  {{ form.comment }}
  {{ form.content_type }}
  {{ form.object_pk }}
  {{ form.timestamp }}
  {{ form.security_hash }}
  <input type="submit" value="Add comment" id="id_submit" />
  • You don't need the javascript that we added to populate the data in the base.html under the templates/test_app directory.
  • The wrapper remains as it is. You might ask me why I still have the wrapper in place even though the field for the name isn't available and that it would be automatically filled. The reason is that a spoofer can force a different name (user_name) and email address (user_email) to the database.

Credit goes to Joshua Works for suggesting this idea. This is a lot better than the hidden fields idea that I suggested as a passing reference at the very end of previous blog post.