Views#

class tom_common.views.CommentDeleteView(**kwargs)[source]#

View that handles deletion of a Comment. Requires authentication to call, and authorization to delete.

form_valid(form)[source]#

Checks if the user is authorized to delete the comment and then proceeds with deletion.

model#

alias of Comment

class tom_common.views.GroupCreateView(**kwargs)[source]#

View that handles creation of a user Group. Requires authorization.

form_class#

alias of GroupForm

model#

alias of Group

class tom_common.views.GroupDeleteView(**kwargs)[source]#

View that handles deletion of a user Group. Requires authorization.

model#

alias of Group

class tom_common.views.GroupUpdateView(**kwargs)[source]#

View that handles modification of a user Group. Requires authorization.

form_class#

alias of GroupForm

get_initial(*args, **kwargs)[source]#

Adds the User objects that are associated with this Group to the initial data.

Returns:

list of users

Return type:

QuerySet

model#

alias of Group

class tom_common.views.RegenerateAPITokenView(**kwargs)[source]#

View that handles regeneration of a User’s DRF API token. Requires login.

Deletes the existing token (if any) and creates a new one. For HTMX requests, returns the api_token partial with the new token. For non-HTMX requests, redirects to the user update page with a success message.

dispatch(*args, **kwargs)[source]#

Ensure non-superusers can only regenerate their own token.

Checks authentication first (via LoginRequiredMixin), then checks that non-superusers are only operating on their own token.

class tom_common.views.UserCreateView(**kwargs)[source]#

View that handles User creation. Requires authorization.

form_class#

alias of CustomUserCreationForm

class tom_common.views.UserDeleteView(**kwargs)[source]#

View that handles deletion of a User. Requires login.

dispatch(*args, **kwargs)[source]#

Directs the class-based view to the correct method for the HTTP request method. Ensures that non-superusers are not incorrectly updating the profiles of other users.

model#

alias of User

class tom_common.views.UserListView(**kwargs)[source]#

View that handles display of the list of User and Group objects. Requires authentication.

class tom_common.views.UserPasswordChangeView(**kwargs)[source]#

View that handles modification of the password for a User. Requires authorization.

form_class#

alias of ChangeUserPasswordForm

form_valid(form)[source]#

Called after form is validated. Updates the password for the current specified user.

get(request, *args, **kwargs)[source]#

On a GET request, show a confirmation page before allowing the password change. This follows the pattern of Django’s DeleteView, but bypasses the confirmation if a superuser is changing their own password.

get_context_data(**kwargs)[source]#

Add the user object to the context for all templates.

post(request, *args, **kwargs)[source]#

A POST can come from the confirmation page (to show the form) or from the password change form itself (to perform the change).

class tom_common.views.UserProfileView(**kwargs)[source]#

View to handle creating a user profile page. Requires a login.

Note: This is NOT a User Detail view that would require a primary Key tying it to a specific user. This is a profile page that always displays the information for the logged in user. A User Detail view would allow admin users to view the profile of any user which is not what we want here for security reasons.

class tom_common.views.UserUpdateView(**kwargs)[source]#

View that handles User modification. Requires authentication to call, and authorization to update.

dispatch(*args, **kwargs)[source]#

Directs the class-based view to the correct method for the HTTP request method. Ensures that non-superusers are not incorrectly updating the profiles of other users.

form_class#

alias of CustomUserCreationForm

form_valid(form)[source]#

Called after form is validated.

If the password was changed, updates the session auth hash to keep the user logged in (Django invalidates the session when the password hash changes). Encryption keys are independent of the password, so no re-encryption is needed.

get_context_data(**kwargs)[source]#

Add current user and API token to the context for all templates.

get_form(form_class=None)[source]#

Gets the user update form and removes the password requirement. Removes the groups field if the user is not a superuser.

Returns:

Form used by this view

Return type:

CustomUserCreationForm

get_success_url()[source]#

Returns the redirect URL for a successful update. If the current user is a superuser, returns the URL for the user list. Otherwise, returns the URL for updating the current user.

Returns:

URL for user list or update user

Return type:

str

model#

alias of User

tom_common.views.robots_txt(request)[source]#

A function-based view that handles the robots.txt content.

The default robots.txt is defined here. It disallows everything from everyone.

If you want to change that, we check for a path to a custom robots.txt file defined in settings.py as ROBOTS_TXT_PATH. If you set ROBOTS_TXT_PATH in your settings.py, then that file will be served instead of the default.