#django

but of course, you need to do that before you remove it from INSTALLED_APPS

that would work as long as the app doesn't have any inter-app dependencies, right?

which it doesn't

but it still needs to be in INSTALLED_APPS

it's ok, DROP TABLE is fine

Well you can create fake app...

jtiai helped me solved my issue, thank you again for saving my ass :)

hah, thanks guys

jtiai: something is not right here, now I'm getting weird errors on trying to create a superuser from the commandline

like, AttributeError: 'Manager' object has no attribute 'create_superuser'

using "python manage.py createsuperuser --email test@email.com";

dtornabene: Custom user model?

yep

Can you paste your model somewhere (except in pastebin.com)?

for sure

thank you for your time

before I do, i think I can guess what it is, i haven't defined a custom manager object yet

jtiai: here it is, https://dpaste.de/Gbr3

apologies in advance for the horrible off-topic, won't happen ever again: if anybody's here is into electro/industrial/EBM-adjacent music and feels like helping, please PM me

dtornabene: Right, you need to declare manager for your model.

jtiai: thank you, its one of those days where every step is a stumble

dtornabene: https://docs.djangoproject.com/en/1.10/topics/a... instructions are below that (wonder why there is no title for that part)

jtiai: thank you

jtiai: shouldn't migrating to zero and then deleting from INSTALLED_APPS work?

moldy: Not sure. Could work.

Wonder does that migrate to zero require that all migrations do have reverse migration...

good question

I think system needs to go through all migrations and do downgrade. otherwise models added in the middle wouldn't be cleaned up.

and that may be interesting if there are data migrations involved.

makes sense

Hi, all. Is it possible to implement custom confirmation view (popup?) for django admin to confirm "save" action on change view?

at least as it's defined for delete action

Hi everyone, I am working on a system that lists out a range of products sorted by their product code. The product codes are made up of two letters for the followed by a number, for example EG1.

I currently sort these products by doing a simple Product.objects.order_by('product_code'), however as there can be multiple digit product codes (for example EG12), these will come out above ahead of the single digit codes.

i.e EG1, EG11, EG12, EG13 ... EG19, EG2, EG20

I know that adding leading zeros to the product codes will fix this (i.e EG01 rather than EG1) but as there is already printed literature and an existing site using EG1 this is not an option.

Is there a way to fix this to show these products in the correct order?

pete___: I didn't find a solution in Django yet, but what you want to look up is "natural sort"

I'm not sure how you'd do "human-friendly sorting" on the database level (may be possible but ask someone else), so one option would be to add another field to sort them by in the database

or do a natural sort in Python after you've fetched them

pete___: https://pypi.python.org/pypi/natsort

sash_ / vield_ : Ahhh... handy thanks

you can natsort in postgres

nice

you can even index on it

fleetfox: thanks, but that looks confusing as hell!

you don't have to understand it to use it

fleetfox: hummm... I don't even know what I need to feed in though, currently my objects exist as a basic django queryset

hello friends, i have a question regarding csrf token validation. The concept is clear to me, the user gets a secret token from the server which he will then use on the following requests to verify that it is really him who sent them. But i don't understand how django validates those tokens? I thought django stores them in a DB table or so, but that seems not the case, since i could still send a request which required the

token after deleten the DB and restarting the server, without reloading the page, so that the old token was used.

christian__: the token is cryptographically signed with the SECRET_KEY in your settings. This way django can detect if the token is valid without having to store it anywhere

anyone familiar with django-compressor? I want to concat and hash files, but ommit minimization

moritz_s: thank you! that's exactly what i was curious about

finally i can go to sleep again without thinking about this the whole night

jtiai: still here?

christian__: I just looked at the code and it turns out what I said wasn't entirely correct: The csrf token is stored in the User's session, which is either stored in the DB or in a Cookie in which case it will be signed. So either way it can't be changed by the user. Then the value from the session is compared to the one the user sent in the POST request.

I don't remember us signing CSRF cookies.

The trick with CSRF protection is that the cookie your browser sends, and the hidden form value it sends on the POST, must be the same.

yeah csrf isn't verified in any way

it fully depends on the browser adhering on single origin policy

e.g. a script on a different domain can't steal your csrf token

So if I, on my malicious website, build a form that tricks users into submitting something to another website, I don't know what the user's browser has for the token value in its cookies, so I can't submit the right hidden field value.

Yes, that :)

it’s 23: 00

:D time to sleep

but I still not find the correct way solve my problem

erik`: yes, what I meant is: In case you use cookie based sessions, then and only then the token is signed, because of the way the cookie based storage works.

may be I should ask in stackoverflow

moritz_s, even then the token is not signed, as the CSRF token is not stored in the session

the session data in the session cookie is signed

(1.11 will offer storing the csrf token in the session with a setting)