django-dynamic-raw-id
raw_id_fields widget replacement that handles display of an object's string value on change.
A Django admin raw_id_fields widget replacement that handles display of an object's string value on change and can be overridden via a template.
Django \ Python | 3.8 | 3.9 | 3.10 | 3.11 | 3.12 |
---|---|---|---|---|---|
3.2 (LTS) | ✓ | ✓ | ✓ | ✓ | ✓ |
4.0 | ✓ | ✓ | ✓ | ✓ | ✓ |
4.1 | ✓ | ✓ | ✓ | ✓ | ✓ |
4.2 (LTS) | ✓ | ✓ | ✓ | ✓ | ✓ |
5.0 | — | — | ✓ | ✓ | ✓ |
5.1 | — | — | ✓ | ✓ | ✓ |
By default, Django’s admin loads all possible related instances into a select-box
interface (`<select>`) for fields that are `ForeignKey`. This can result in long load
times and unresponsive admin pages for models with thousands of instances, or with
multiple `ForeignKey`s.
The normal fix is to use Django's ModelAdmin.raw_id_fields, but by default it only shows the raw id of the related model instance, which is somewhat unhelpful.
This package improves the user experience by providing the string representation or other customized text for the related instance, linked to that instance's admin change form, in addition to the raw id itself.
Install the package with `pip`:

```bash
$ pip install django-dynamic-raw-id
```
Add `dynamic_raw_id` to your list of `INSTALLED_APPS`:

```python
INSTALLED_APPS = (
    # ... other apps
    'dynamic_raw_id',
)
```
Then add the urlpattern. Make sure it's listed before the generic `admin.site.urls` urlpattern include:

```python
from django.contrib import admin
from django.urls import include, path

urlpatterns = [
    # ...
    path('admin/dynamic_raw_id/', include('dynamic_raw_id.urls')),
    path("admin/", admin.site.urls),
]
```
`dynamic_raw_id` comes with some static files, so don't forget to run
`manage.py collectstatic`.
To start using django-dynamic-raw-id in your application, all you need to do is
implement `DynamicRawIDMixin` in your `ModelAdmin` class and add the desired
fields to a list of `dynamic_raw_id_fields`:

```python
from django.contrib import admin
from dynamic_raw_id.admin import DynamicRawIDMixin

class UserProfileAdmin(DynamicRawIDMixin, admin.ModelAdmin):
    dynamic_raw_id_fields = ('user',)
```
You can use dynamic_raw_id widgets in an admin filter as well:

```python
from django.contrib import admin
from dynamic_raw_id.admin import DynamicRawIDMixin
from dynamic_raw_id.filters import DynamicRawIDFilter

class UserProfileAdmin(DynamicRawIDMixin, admin.ModelAdmin):
    list_filter = (
        ('dynamic_raw_id_fk', DynamicRawIDFilter),
    )
```
The coolest feature of django-dynamic-raw-id is the ability to customize the output
of the value displayed alongside the `DynamicRawIDWidget`. There is a basic
implementation if all you want is your object's `__unicode__` value. To change
the value displayed, all you need to do is implement the correct template.

django-dynamic-raw-id looks for this template structure:
`dynamic_raw_id/<app>/<model>.html` and `dynamic_raw_id/<app>/multi_<model>.html`
(for multi-value lookups).

For instance, if I have a blog post with a `User` dynamic_raw_id field that I want
to display as `Firstname Lastname`, I would create the template
`dynamic_raw_id/auth/user.html` with:

```html
<span>{{ object.0.first_name }} {{ object.0.last_name }}</span>
```
If you have your admin and the dynamic_raw_id scripts located on a different
prefix than `/admin/dynamic_raw_id/`, you need to adjust the `DYNAMIC_RAW_ID_MOUNT_URL`
JavaScript variable.

Example:

```python
# In case the app is set up at /foobar/dynamic_raw_id/
path('foobar/dynamic_raw_id/', include('dynamic_raw_id.urls')),
```

```html
<script>
  window.DYNAMIC_RAW_ID_MOUNT_URL = "{% url 'admin:index' %}";
</script>
```

An ideal place is the `admin/base_site.html` template. Full example:

```html
{% extends "admin/base_site.html" %}
{% block extrahead %}
  {{ block.super }}
  <script>
    window.DYNAMIC_RAW_ID_MOUNT_URL = "{% url 'admin:index' %}";
  </script>
{% endblock %}
```
The test suite uses Selenium for frontend tests, so Firefox and geckodriver must be installed. You can install geckodriver on OS X with Homebrew:

```bash
$ brew install geckodriver
```
Run the test suite in your local environment using:

```bash
# If you don't have Poetry yet, install it globally.
$ pip install poetry
# Install dependencies once and run pytest.
$ poetry install
$ poetry run pytest
```
Or use tox to test against various Django and Python versions:

```bash
# If you don't have Tox yet, install it globally.
$ pip install tox
# Run tox against multiple Python versions.
$ tox
```
You can open a Poetry shell to invoke the test suite or other `manage.py` commands
by calling the `django-admin` tool with the test app settings.

This also allows you to run the internal testing app in a test server, to preview a sample of what django-dynamic-raw-id is doing:

```bash
$ poetry shell
$ django-admin migrate
$ django-admin createsuperuser
$ django-admin runserver
```
We found that django-dynamic-raw-id demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.