Question on url routing

[robert brook]

If I have 2 urls coded in the file for example

url(r'^abc/$', views.abc),

url( r'^abc/def/$', views.def),

And the first url should be accessible by typing it into the browser.

The 2nd url should only be accessible from the application, not by virtue of a user typing it into the browser.

How do I accomplish that?

How do I capture that and reroute it to a valid page?

Thanks is advance

[François Schiettecatte]

Hi

You could check request.META['HTTP_REFERER'], it should be set if the user clicks on a link and unset if the user entered the url in the address bar. Obviously this is browser dependent. If you really want to be sure I would use a one time url with a uuid which you generate and store to validate against when you get the request.

François

> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
> To post to this group, send email to django...@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/b8423a99-7798-4458-b817-5f5179373603%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Collin Anderson]

Do you mean ajax-only?

def my_view(request):

    if not request.is_ajax():

        return redirect('/a-valid-page/')

https://docs.djangoproject.com/en/1.7/ref/request-response/#django.http.HttpRequest.is_ajax

[robert brook]

I know how to detect an ajax request.

I am interested int the general issue of the user typing in a valid url for the application, but not appropriate for the particular workflow.

I utilize the @login_required decorater.

 I am looking for an analgous function to pass the user back to an appropriate page.

[Vijay Khemlani]

I think in those cases you would need to add some custom logic to your view to check whether the URL is valid for the "step" the user is in the workflow.

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/00884451-604a-4ac1-99d1-860f6080c366%40googlegroups.com.

[robert brook]

It would seem that this should be a common issue for any web site.

based on the DRY principle, how has this been resolved by other developers

[robert brook]

Can you provide an example of custom logic

Thanks

[Aliane Abdelouahab]

in your class where you defined your 'private' link, you just redirects him everytime he clicks on it, or you make and if-else that is bound to the IP of the admin, so everytime the user clicks on it, he gets a 404 thinking that the link dont exist, else, the admin gets the right page.

[Collin Anderson]

Hi Robert,

I once had a 4-step ecommerce checkout, and at one point, I considered using class based views for each step, and have a class method on each view that runs form validation on the current data in the database to see if the user is allowed to continue. It would then need to redirect back to itself if it wasn't valid.

In the end I decided to do some non DRY, but simple sanity checks in the later views and redirect to a previous step if needed.

Collin

[robert brook]

I have figured out how to determine if the url_conf was obtained from an internal link (which would be the only acceptable workflow) or through a url that the user typed into the address bar trying to subvert the workflow.

See the attached screen shot of the view.

If the view goes through the except statement, I would redirect to an appropriate page.