1

On pages 183 and 184 there is the following code :

def edit_snippet(request, snippet_id):
    snippet = get_object_or_404(Snippet, pk=snippet_id)
    if request.user.id != snippet.author.id:
        return HttpResponseForbidden()
    if request.method == 'POST':
        form = SnippetForm(instance=snippet, data=request.POST)
        if form.is_valid():
            snippet = form.save()
            return HttpResponseRedirect(snippet.get_absolute_url())
    else:
        form = SnippetForm(instance=snippet)
    return render_to_response('cab/snippet_form.html',{ 'form': form, 'add': False })
edit_snippet = login_required(edit_snippet)

Why is it necessary to add a data attribute here :

form = SnippetForm(instance=snippet, data=request.POST)

Isn't the instance attribute enough ?

If the request method isn't POST, then it could be anything but usually it's a GET method. Why is there no data attribute in this case ? Why is it necessary to take into account other request methods ? Couldn't we just write :

def edit_snippet(request, snippet_id):
    snippet = get_object_or_404(Snippet, pk=snippet_id)
    if request.user.id != snippet.author.id:
        return HttpResponseForbidden()
    if request.method == 'POST':
        form = SnippetForm(instance=snippet, data=request.POST)
        if form.is_valid():
            snippet = form.save()
            return HttpResponseRedirect(snippet.get_absolute_url())
    return render_to_response('cab/snippet_form.html',{ 'form': form, 'add': False })
edit_snippet = login_required(edit_snippet)

It sounds more logical to me not to let the user edit his snippet if the request method is not POST. Can you explain me these points ?

Ryan Gates
  • 4,501
  • 6
  • 50
  • 90
Peter
  • 13
  • 2

2 Answers2

2

It is Django way of doing: the same view is used to show the form for editing (GET) and then to validate it (POST).

See this example in docs:

The standard pattern for processing a form in a view looks like this:

def contact(request):
    if request.method == 'POST': # If the form has been submitted...
        form = ContactForm(request.POST) # A form bound to the POST data
        if form.is_valid(): # All validation rules pass
            # Process the data in form.cleaned_data
            # ...
            return HttpResponseRedirect('/thanks/') # Redirect after POST
    else:
        form = ContactForm() # An unbound form

    return render_to_response('contact.html', {
        'form': form,
    })
Don
  • 16,928
  • 12
  • 63
  • 101
1

The "edit_snippet" function handles both (1) the GET request to display a form to edit the object, and (2) the subsequent POST request when the user saves her changes to the form.

With this in mind, it makes sense for the non-POST case to simply populate the form from the "snippet" variable that was retrieved from the database; as you notice, there is no "data" parameter in this case. What was in the database will be displayed to the user.

However, when the user saves the form, in the POST case, the "snippet" variable will only hold what was retrieved from the database. By setting the "data" parameter to the contents of the form fields (request.POST) that were posted by the user, you allow the form to (1) store the user's edits from request.POST into the object, and then (2) validate these changes.

Scott Moonen
  • 738
  • 4
  • 8