Search code examples
pythondjangoprojects

Practical Django Projects - Pages 183 and 184

On pages 183 and 184 there is the following code :

def edit_snippet(request, snippet_id):
    snippet = get_object_or_404(Snippet, pk=snippet_id)
    if request.user.id != snippet.author.id:
        return HttpResponseForbidden()
    if request.method == 'POST':
        form = SnippetForm(instance=snippet, data=request.POST)
        if form.is_valid():
            snippet = form.save()
            return HttpResponseRedirect(snippet.get_absolute_url())
    else:
        form = SnippetForm(instance=snippet)
    return render_to_response('cab/snippet_form.html',{ 'form': form, 'add': False })
edit_snippet = login_required(edit_snippet)

Why is it necessary to add a data attribute here :

form = SnippetForm(instance=snippet, data=request.POST)

Isn't the instance attribute enough ?

If the request method isn't POST, then it could be anything but usually it's a GET method. Why is there no data attribute in this case ? Why is it necessary to take into account other request methods ? Couldn't we just write :

def edit_snippet(request, snippet_id):
    snippet = get_object_or_404(Snippet, pk=snippet_id)
    if request.user.id != snippet.author.id:
        return HttpResponseForbidden()
    if request.method == 'POST':
        form = SnippetForm(instance=snippet, data=request.POST)
        if form.is_valid():
            snippet = form.save()
            return HttpResponseRedirect(snippet.get_absolute_url())
    return render_to_response('cab/snippet_form.html',{ 'form': form, 'add': False })
edit_snippet = login_required(edit_snippet)

It sounds more logical to me not to let the user edit his snippet if the request method is not POST. Can you explain me these points ?

Solution

  • The "edit_snippet" function handles both (1) the GET request to display a form to edit the object, and (2) the subsequent POST request when the user saves her changes to the form.

    With this in mind, it makes sense for the non-POST case to simply populate the form from the "snippet" variable that was retrieved from the database; as you notice, there is no "data" parameter in this case. What was in the database will be displayed to the user.

    However, when the user saves the form, in the POST case, the "snippet" variable will only hold what was retrieved from the database. By setting the "data" parameter to the contents of the form fields (request.POST) that were posted by the user, you allow the form to (1) store the user's edits from request.POST into the object, and then (2) validate these changes.