5π
The default permissions for django-ajax-selects require the user to be staff (user.is_staff). See the README note on changing this default in your LookupChannel:
https://github.com/crucialfelix/django-ajax-selects#check_authselfrequest
check_auth(self,request):
To ensure that nobody can get your data via json simply by knowing the
URL. The default is to limit it to request.user.is_staff and raise a
PermissionDenied exception. By default this is an error with a 401
response, but your middleware may intercept and choose to do other
things. Public facing forms should write a custom LookupChannel to implement
as needed. Also you could choose to return HttpResponseForbidden("who
are you?") instead of raising PermissionDenied
This incorrectly states that it will return a 401 status code when in fact Django will handle the PermissionDenied
with a 403 response like you are seeing.
4π
As @Mark Lavin said, just override the check_auth function on a custom LookupChannel like this:
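    from ajax_select import LookupChannel
    from django.core.exceptions import PermissionDenied
    from django.db.models import Q
    from django.utils.html import escape

    # Areas is the poster's own model; import it from your app's models module.

    class AreasLookup(LookupChannel):
        model = Areas

        def check_auth(self, request):
            # Allow any user that has a profile instead of staff only.
            if request.user.get_profile():
                return True
            # Deny by raising, as the default implementation does.
            raise PermissionDenied

        def get_query(self, q, request):
            return Areas.objects.filter(Q(type__icontains=q)).order_by('type')

        def get_result(self, obj):
            u""" result is the simple text that is the completion of what the person typed """
            return obj.type

        def format_match(self, obj):
            """ (HTML) formatted item for display in the dropdown """
            return self.format_item_display(obj)

        def format_item_display(self, obj):
            """ (HTML) formatted item for displaying item in the selected deck area """
            return u"%s" % (escape(obj.type))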
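
A dependency-free model of the check_auth gate discussed in both answers, added here as an example and not code from django-ajax-selects or from either poster. PermissionDenied, User, Request, the channel classes and lookup_view are constructed stand-ins, and the dispatch (call check_auth, ignore its return value, turn the exception into a 403) is an assumption based on the raise-based contract in the README text quoted above.

```python
class PermissionDenied(Exception):
    """Stand-in for django.core.exceptions.PermissionDenied."""

class User:
    def __init__(self, is_authenticated=False, is_staff=False):
        self.is_authenticated = is_authenticated
        self.is_staff = is_staff

class Request:
    def __init__(self, user):
        self.user = user

class StaffOnlyChannel:
    """Default behaviour described in the README: staff only."""
    rows = ["north", "south"]  # constructed sample data

    def check_auth(self, request):
        if not request.user.is_staff:
            raise PermissionDenied

class ReturnsBoolChannel(StaffOnlyChannel):
    """Pitfall: reports the decision as a return value and never raises."""
    def check_auth(self, request):
        return request.user.is_authenticated

class LoggedInChannel(StaffOnlyChannel):
    """Opens the lookup to any logged-in user and denies by raising."""
    def check_auth(self, request):
        if not request.user.is_authenticated:
            raise PermissionDenied

def lookup_view(channel, request):
    """Assumed dispatch: only an exception from check_auth blocks the data."""
    try:
        channel.check_auth(request)  # return value deliberately unused
    except PermissionDenied:
        return 403, []
    return 200, channel.rows

def access_matrix(channel):
    """HTTP status each kind of user would receive from the lookup URL."""
    users = {"anonymous": User(), "member": User(True), "staff": User(True, True)}
    return {name: lookup_view(channel, Request(u))[0] for name, u in users.items()}

if __name__ == "__main__":
    for cls in (StaffOnlyChannel, ReturnsBoolChannel, LoggedInChannel):
        print(cls.__name__, access_matrix(cls()))
```

A matrix like this is a useful regression check for any custom channel: the anonymous row should never be 200 unless the lookup is meant to be public.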