Reputation: 47
I keep getting an error:

    ImproperlyConfigured at /messages/compose/
    Creating a ModelForm without either the 'fields' attribute or the 'exclude' attribute is prohibited; form ComposeForm needs updating.

I totally understand what the error is pointing out however I don't understand why it's showing up in the first place?
Here is the form django wants me to update:

    from django import forms
    from .models import DirectMessage

    class ComposeForm(forms.ModelForm):
        class Meta:
            model = DirectMessage

and here is my model (complete with fields):

    from django.db import models
    from django.contrib.auth.models import User

    # Create your models here.
    user_obj = User.objects.get(username='jess')

    class DirectMessage(models.Model):
        subject = models.CharField(max_length=150)
        body = models.CharField(max_length=3000)
        sender = models.ForeignKey(User, related_name='sent_direct_messages', null=True, blank=True)
        receiver = models.ForeignKey(User, related_name='recieved_direct_messages', null=True, blank=True)
        sent = models.DateTimeField(auto_now_add=False, auto_now=False, null=True, blank=True)
        read = models.DateTimeField(auto_now_add=False, auto_now=False, null=True, blank=True)

        def __unicode__(self):
            return self.subject

Perhaps there is a problem with my syntax or I'm missing a glaring fundamental error. Any help would be appreciated, let me know if you need any more information/context. Thank you!
Upvotes: 2
Views: 1085
Reputation: 19902
As it is described in Django documentation: Creating forms from models: Selecting the fields to use:
It is strongly recommended that you explicitly set all fields that should be edited in the form using the fields attribute. Failure to do so can easily lead to security problems when a form unexpectedly allows a user to set certain fields, especially when new fields are added to a model. Depending on how the form is rendered, the problem may not even be visible on the web page.
The alternative approach would be to include all fields automatically, or blacklist only some. This fundamental approach is known to be much less secure and has led to serious exploits on major websites (e.g. GitHub).
Therefore, you should explicitly include a fields variable in your Meta, regardless of the fields defined in the model. This has to be a tuple of all fields of the model which you need to have in the ModelForm. You can alternatively specify the value as '__all__'.
This has been introduced in Django 1.6:
Changed in Django 1.6:
Before version 1.6, the '__all__' shortcut did not exist, but omitting the fields attribute had the same effect. Omitting both fields and exclude is now deprecated, but will continue to work as before until version 1.8.
Upvotes: 1
Reputation: 77912
I totally understand what the error is pointing out however I don't understand why it's showing up in the first place?
Err... Because your ModelForm doesn't explicitly specify either a fields list or an exclude list?
Here is the form django wants me to update: class DirectMessageAdmin(admin.ModelAdmin):
This is not a ModelForm, this is a ModelAdmin. Given the url in your error message I don't think it has anything to do with your admin...
Upvotes: 2