在 Django 表单中，如何将字段设为只读(或禁用)以使其无法编辑? [英] In a Django form, how do I make a field readonly (or disabled) so that it cannot be edited?

问题描述

在 Django 表单中，如何将字段设为只读(或禁用)?

In a Django form, how do I make a field read-only (or disabled)?

当使用表单创建新条目时，应启用所有字段 - 但当记录处于更新模式时，某些字段需要为只读.

When the form is being used to create a new entry, all fields should be enabled - but when the record is in update mode some fields need to be read-only.

例如，在创建新的 Item 模型时，所有字段都必须是可编辑的，但是在更新记录时，有没有办法禁用 sku 字段，以便它是可见的，但不能编辑?

For example, when creating a new Item model, all fields must be editable, but while updating the record, is there a way to disable the sku field so that it is visible, but cannot be edited?

class Item(models.Model):
    sku = models.CharField(max_length=50)
    description = models.CharField(max_length=200)
    added_by = models.ForeignKey(User)


class ItemForm(ModelForm):
    class Meta:
        model = Item
        exclude = ('added_by')

def new_item_view(request):
    if request.method == 'POST':
        form = ItemForm(request.POST)
        # Validate and save
    else:
            form = ItemForm()
    # Render the view

ItemForm 类可以重用吗?ItemForm 或 Item 模型类需要哪些更改?我是否需要编写另一个类ItemUpdateForm"来更新项目?

Can class ItemForm be reused? What changes would be required in the ItemForm or Item model class? Would I need to write another class, "ItemUpdateForm", for updating the item?

def update_item_view(request):
    if request.method == 'POST':
        form = ItemUpdateForm(request.POST)
        # Validate and save
    else:
        form = ItemUpdateForm()

推荐答案

正如 这个答案，Django 1.9 添加了 Field.disabled 属性:

As pointed out in this answer, Django 1.9 added the Field.disabled attribute:

disabled 布尔参数设置为 True 时，会禁用使用 disabled HTML 属性的表单字段，以便用户无法对其进行编辑.即使用户篡改了提交给服务器的字段值，它也会被忽略，取而代之的是表单初始数据中的值.

The disabled boolean argument, when set to True, disables a form field using the disabled HTML attribute so that it won’t be editable by users. Even if a user tampers with the field’s value submitted to the server, it will be ignored in favor of the value from the form’s initial data.

使用 Django 1.8 及更早版本，要禁用小部件上的条目并防止恶意 POST 黑客攻击，除了在表单字段上设置 readonly 属性外，您还必须清理输入:

With Django 1.8 and earlier, to disable entry on the widget and prevent malicious POST hacks you must scrub the input in addition to setting the readonly attribute on the form field:

class ItemForm(ModelForm):
    def __init__(self, *args, **kwargs):
        super(ItemForm, self).__init__(*args, **kwargs)
        instance = getattr(self, 'instance', None)
        if instance and instance.pk:
            self.fields['sku'].widget.attrs['readonly'] = True

    def clean_sku(self):
        instance = getattr(self, 'instance', None)
        if instance and instance.pk:
            return instance.sku
        else:
            return self.cleaned_data['sku']

或者，将 if instance 和 instance.pk 替换为另一个指示您正在编辑的条件.您还可以在输入字段上设置属性 disabled，而不是 readonly.

Or, replace if instance and instance.pk with another condition indicating you're editing. You could also set the attribute disabled on the input field, instead of readonly.

clean_sku 函数将确保 readonly 值不会被 POST 覆盖.

The clean_sku function will ensure that the readonly value won't be overridden by a POST.

否则，没有内置的 Django 表单字段会在拒绝绑定输入数据时呈现值.如果这是您想要的，您应该创建一个单独的 ModelForm 来排除不可编辑的字段，并将它们打印在您的模板中.

Otherwise, there is no built-in Django form field which will render a value while rejecting bound input data. If this is what you desire, you should instead create a separate ModelForm that excludes the uneditable field(s), and just print them inside your template.

这篇关于在 Django 表单中，如何将字段设为只读(或禁用)以使其无法编辑?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！