SJB Institute of Technology, Bangalore – 60

BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

Name of the Course: FSD (18CS745)

NOTES – Module-4

Chapter 9
• Using Generic Views
• Generic Views of Objects
• Extending Generic Views
Chapter 11
• MIME Types
• Generating Non-HTML content like CSV and PDF
• Syndication feed framework
• Sitemap framework
Chapter 12
• Cookies
• Sessions
• Users and Authentication
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

CHAPTER 9

USING GENERIC VIEWS

Unlike classic views, generic views are classes not functions. Django offers a set of classes for generic
views in django.views.generic, and every generic view is one of those classes or a class that inherits from
one of them.

The direct_to_template view simply grabs information from the extra-parameters dictionary and uses that
information when rendering the view.
Because this generic view — and all the others — is a regular view functions like any other, we can
reuse it inside our own views.

They key is in the URLconf: we’re using the regular expression \w+ to match the page part of the URL,
and \w only accepts letters and numbers.
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

Next, we’ll write the about_pages view:

So we catch TemplateDoesNotExist exceptions and return 404 errors.

GENERIC VIEWS OF OBJECTS

The generic views really shine when it comes to presenting views of your database content. Because it’s
such a common task, Django comes with a handful of built-in generic views that make generating list
and detail views of objects incredibly easy.
Let’s start by looking at some examples of showing a list of objects or an individual object. We’ll be
using these models:
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

EXTENDING GENERIC VIEWS

1. Making “friendly” template contexts
2. Adding Extra Context
3. Viewing Subsets of Objects
4. Complex Filtering with Wrapper Functions
5. Performing Extra Work

1. Making “friendly” template contexts

The sample publisher list template stores all the books in a variable named object_list. While this
works just fine, it isn’t all that “friendly” to template authors: they have to “just know” that they’re
dealing with books here. A better name for that variable would be publisher_list; that variable’s
content is pretty obvious. We can change the name of that variable easily with the
template_object_name argument:

2. Adding Extra Context

To present some extra information beyond that provided by the generic view. For example, think of
showing a list of all the other publishers on each publisher detail page. The object_detail generic
view provides the publisher to the context, but it seems there’s no way to get a list of all publishers in
that template. But there is: all generic views take an extra optional parameter, extra_context. This is a
dictionary of extra objects that will be added to the template’s context. So, to provide the list of all
publishers on the detail detail view, we’d use an info dict like this:

This example puts Publisher.objects.all() in the URLconf, it will be evaluated only once (when the
URLconf is first loaded). Once you add or remove publishers, you’ll notice that the generic view
doesn’t reflect those changes until you reload the Web server.
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

3. Viewing Subsets of Objects

Most generic views take one of these queryset arguments — it’s how the view knows which set of
objects to display.
To pick a simple example, we might want to order a list of books by publication date, with the most
recent first:

If we want to add another publisher page, we’d need another handful of lines in the URLconf.
4. Complex Filtering with Wrapper Functions
Another common need is to filter down the objects given in a list page by some key in the URL.
Earlier we hard-coded the publisher’s name in the URLconf, but what if we wanted to write a view
that displayed all the books by some arbitrary publisher? We can “wrap” the object_list generic view
to avoid writing a lot of code by hand. As usual, we’ll start by writing a URLconf:
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

5. Performing Extra Work

The last common pattern we’ll look at involves doing some extra work before or after calling the
generic view. Imagine we had a last_accessed field on our Author object that we were using to keep
track of the last time anybody looked at that author. The generic object_detail view, of course,
wouldn’t know anything about this field, but once again we could easily write a custom view to keep
that field updated. First, we’d need to add an author detail bit in the URLconf to point to a custom
view:
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

CHAPTER 11

MIME Types

A view function, or view for short, is simply a Python function that takes a Web request and returns a
Web response. This response can be the HTML contents of a Web page, or a redirect, or a 404 error, or
an XML document, or an image…or anything, really.
A Django view function must
• Accept an HttpRequest instance as its first argument.
• Return an HttpResponse instance.
The key to returning non-HTML content from a view lies in the HttpResponse class, specifically the
mimetype constructor argument. By tweaking the MIME type, we can indicate to the browser that we’ve
returned a response of a different format.

For example, let’s look at a view that returns a PNG image. To keep things simple, we’ll just read the file
off the disk:

That’s it! If you replace the image path in the open() call with a path to a real image, you can use this
very simple view to serve an image, and the browser will display it correctly.

GENERATING NON-HTML CONTENT LIKE CSV AND PDF

CSV

CSV is a simple data format usually used by spreadsheet software. It’s basically a series of table rows,
with each cell in the row separated by a comma (CSV stands for comma-separated values). For example,
here’s some data on “unruly” airline passengers in CSV format:
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

• The response is given the text/csv MIME type (instead of the default text/html). This tells browsers
that the document is a CSV file.
• The response gets an additional Content-Disposition header, which contains the name of the CSV file.
This header (well, the “attachment” part) will instruct the browser to prompt for a location to save the
file (instead of just displaying it). This file name is arbitrary; call it whatever you want. It will be used by
browsers in the Save As dialog.
• Hooking into the CSV-generation API is easy: just pass response as the first argument to csv.writer.
The csv.writer function expects a filelike object, and HttpResponse objects fit the bill.
• For each row in your CSV file, call writer.writerow, passing it an iterable object such as a list or tuple.
• The CSV module takes care of quoting for you, so you don’t have to worry about escaping strings with
quotes or commas in them. Just pass information to writerow(), and it will do the right thing.

NOTE –
This is the general pattern you’ll use any time you need to return non-HTML content: create an
HttpResponse response object (with a special MIME type), pass it to something expecting a file, and then
return the response.

PDF

1. Installing ReportLab
2. Writing Your View
3. Complex PDFs
4. Other Possibilities
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

1. Installing ReportLab
• For windows in django install - pip install reportlab
• For ubuntu in Django install - apt-get install python-reportlab
• Test your installation by importing it in the Pyth interactive interpreter: >>> import reportlab
• If that command doesn’t raise any errors, the installation worked.

2. Writing Your View

Like CSV, generating PDFs dynamically with Django is easy because the ReportLab API acts on file
like objects
A “Hello World” example:

A few notes are in order: Here we use the application/pdf MIME type. This tells browsers that the
document is a PDF file, rather than an HTML file. If you leave off this information, browsers will
probably interpret the response as HTML, which will result in scary gobbledygook in the browser
window.
• Hooking into the ReportLab API is easy: just pass response as the first argument to canvas.Canvas.
The Canvas class expects a filelike object, and HttpResponse objects fit the bill.
• All subsequent PDF-generation methods are called on the PDF object (in this case, p), not on
response.
• Finally, it’s important to call showPage() and save() on the PDF file (or else you’ll end up with a
corrupted PDF file)
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

3. Complex PDFs
If you’re creating a complex PDF document (or any large data blob), consider using the cStringIO
library as a temporary holding place for your PDF file. The cStringIO library provides a file-like
object interface that is written in C for maximum efficiency.

4. Other Possibilities
There’s a whole host of other types of content you can generate in Python. Here are a few more ideas
and some pointers to libraries you could use to implement them:
ZIP files: Python’s standard library ships with the zipfile module, which can both read and write
compressed ZIP files.
Dynamic images: The Python Imaging Library is a fantastic toolkit for producing images (PNG,
JPEG, GIF, and a whole lot more). You could use it to automatically scale down images into
thumbnails, composite multiple images into a single frame.
Plots and charts: There are a number of incredibly powerful Python plotting and charting libraries
you could use to produce on-demand maps, charts, plots, and graphs.
- matplotlib - can be used to produce the type of high-quality plots usually generated with MatLab
or Mathematica.
- pygraphviz - an interface to the Graphviz graph layout toolkit (http://graphviz.org/), can be used
for generating structured diagrams of graphs and networks.
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

SYNDICATION FEED FRAMEWORK

• High-level framework for generating RSS and Atom feeds.

• Create multiple feeds using simple Python classes.
• Feeds are conventionally accessed via the /feeds/ URL.
RSS and Atom are both XML-based formats you can use to provide automatically updating “feeds” of
your site’s content.

1. Initialization
2. A Simple Feed
3. A More Complex Feed
4. Specifying the Type of Feed
5. Enclosures
6. Language
7. URLs
8. Publishing Atom and RSS Feeds in Tandem

1. Initialization
• Add a URLconf to activate syndication feeds.
(r'^feeds/(?P.*)/$', 'django.contrib.syndication.views.feed', {'feed_dict': feeds}),
• This directs all URLs starting with /feeds/ to the RSS framework.
• Customize the URL prefix (feeds/) as needed.
2. A Simple Feed
This simple example, taken from chicagocrime.org, describes a feed of the latest five news items:
• Use feed_dict to map feed slugs to Feed classes:
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

3. A More Complex Feed

The framework also supports more complex feeds, via parameters.
For example, a website could offer an RSS feed of recent crimes for every police beat in a city. It’d
be silly to create a separate Feed class for each police beat; that would violate the DRY principle and
would couple data to programming logic. Instead, the syndication framework lets you access the
arguments passed from your URLconf so feeds can output items based on information in the feed’s
URL.
The police beat feeds could be accessible via URLs like this:

/beats/613/rss/ – Returns recent crimes for beat 613.

/beats/1424/rss/ – Returns recent crimes for beat 1424.
Like a view, the arguments in the URL are passed to the get_object() method along with the request
object.

4. Specifying the Type of Feed

A Feed class is a Python class that represents a syndication feed.
By default, the syndication framework produces RSS 2.0 (Really simple syndication) To change that,
add a feed_type attribute to your Feed class:

Note that you set feed_type to a class object, not an instance. Currently available feed types are
shown in Table
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

5. Enclosures
To specify enclosures (i.e., media resources associated with a feed item such as MP3 podcast feeds),
use the item_enclosure_url, item_enclosure_length, and item_enclosure_mime_type hooks, for
example:

6. Language
Feeds created by the syndication framework automatically include the appropriate tag (RSS 2.0) or
xml:lang attribute (Atom). This comes directly from your LANGUAGE_CODE setting.

7. URLs
The link method/attribute can return either an absolute URL (e.g., "/blog/") or a URL with the fully
qualified domain and protocol (e.g., "http://www.example.com/blog/").
If link doesn’t return the domain, the syndication framework will insert the domain of the current
site, according to your SITE_ID setting.
Atom feeds require a <link rel="self"> that defines the feed’s current location. The syndication
framework populates this automatically, using the domain of the current site according to the
SITE_ID setting.
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

8. Publishing Atom and RSS Feeds in Tandem

Some developers like to make available both Atom and RSS versions of their feeds. To do that, you
can create a subclass of your Feed class and set the feed_type to something different. Then update
your URLconf to add the extra versions.

SITEMAP FRAMEWORK

• A sitemap is an XML file that helps search engines index your site.
• Tells search engines how frequently pages change and their importance.

The Django sitemap framework automates the creation of this XML file by letting you express this
information in Python code. To create a sitemap, you just need to write a Sitemap class and point to it in
your URLconf.
1. Installation
2. Initialization
3. Sitemap Classes
4. Shortcut – FlatPageSitemap, GenericSitemap
5. Creating a Sitemap Index
6. Pinging Google
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

1. Installation
• Add 'django.contrib.sitemaps' to INSTALLED_APPS.
• Ensure 'django.template.loaders.app_directories.load_template_source' is in
TEMPLATE_LOADERS.
• Install the sites framework.
2. Initialization
• Add this line to URLconf to activate sitemap generation
path(r'^sitemap\.xml$', 'django.contrib.sitemaps.views.sitemap', {'sitemaps': sitemaps})
• The dot in sitemap.xml is escaped with a backslash.
3. Sitemap Classes
• Subclass django.contrib.sitemaps.Sitemap.
• Define methods and attributes such as items, lastmod, changefreq, priority.

4. Shortcut – FlatPageSitemap, GenericSitemap

FlatPageSitemap - The django.contrib.sitemaps.FlatPageSitemap class looks at all flat pages defined
for the current site and creates an entry in the sitemap. These entries include only the location
attribute — not lastmod, changefreq, or priority.
GenericSitemap - The GenericSitemap class works with any generic views.

5. Creating a Sitemap Index

The sitemap framework also has the ability to create a sitemap index that references individual
sitemap files, one per each section defined in your sitemaps dictionary. The only differences in usage
are as follows:
1. You use two views in your URLconf: django.contrib.sitemaps.views.index and
django.contrib.sitemaps.views.sitemap.
2. The django.contrib.sitemaps.views.sitemap view should take a section keyword argument.
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

6. Pinging Google
You may want to “ping” Google when your sitemap changes, to let it know to reindex your site. The
framework provides a function to do just that: django.contrib.sitemaps.ping_google().
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

CHAPTER 12

COOKIES
• Cookies help overcome HTTP's statelessness by storing small pieces of information in the browser.
• Browsers send cookies back to the server with each request, allowing servers to recognize returning
users.
1. How Cookies Work: • Example:
• Browser requests a page from Google:
GET / HTTP/1.1
Host: google.com
• Google responds with a Set-Cookie header:
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: PREF=ID=5b14f22bdaf1e81c:TM=1167000671:LM=1167000671; expires=Sun, 17-Jan-
2038 19:14:07 GMT; path=/; domain=.google.com
Server: GWS/2.1
• Browser stores the cookie and sends it back on subsequent requests
GET / HTTP/1.1
Host: google.com
Cookie: PREF=ID=5b14f22bdaf1e81c:TM=1167000671:LM=1167000671
2. Getting and Setting Cookies in Django:
• Reading Cookies:
• Use the COOKIES attribute of HttpRequest to read cookies.

• Writing Cookies:
• Use the set_cookie() method of HttpResponse to set cookies.
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

3. Optional Arguments for set_cookie():

• You can pass various optional arguments to response.set_cookie() to control aspects of the cookie,
such as:
• max_age: The maximum age of the cookie in seconds.
• expires: The expiration date of the cookie.
• path: The path for which the cookie is valid.
• domain: The domain for which the cookie is valid.
• secure: If True, the cookie will only be sent over HTTPS.
• httponly: If True, the cookie will only be accessible via HTTP(S) and not via client-side scripts.
4. Problems with Cookies:
• Voluntary Storage:
• Clients can choose not to accept or store cookies, making them unreliable.
• Developers should verify if a user accepts cookies before relying on them.
5. Security Concerns:
• Cookies sent over HTTP are vulnerable to snooping attacks.
• Never store sensitive information in cookies.
• Man-in-the-Middle Attacks: Attackers can intercept and use cookies to impersonate users.
6. Tampering:
• Browsers allow users to edit cookies, making it risky to store important state information in
cookies.
• Example of a security mistake: # Storing something like IsLoggedIn=1 in a cookie can be easily
tampered with.
• Use secure methods (e.g., HTTPS) to transmit cookies.
• Avoid storing sensitive information directly in cookies.
• Validate and sanitize all data received from cookies.

SESSIONS
• Django's session framework addresses the limitations and potential security issues of using cookies
directly by providing a way to store and retrieve arbitrary data on a per-site visitor basis.
• The session data is stored server-side, with only a hashed session ID sent to the client, mitigating many
common cookie-related issues.
1. Enabling Sessions
2. Using Sessions in Views
3. Setting Test Cookies
4. Using Sessions Outside of Views
5. When Sessions Are Saved
6. Browser-Length Sessions vs. Persistent Sessions
7. Other Session Settings
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

1. Enabling Sessions

• Middleware and Installed Apps:

• Ensure SessionMiddleware is included in your MIDDLEWARE_CLASSES

MIDDLEWARE_CLASSES = [

'django.contrib.sessions.middleware.SessionMiddleware',

• Ensure django.contrib.sessions is in your INSTALLED_APPS.

INSTALLED_APPS = [

'django.contrib.sessions',

2. Using Sessions in Views

• When SessionMiddleware is enabled, each HttpRequest object has a session attribute,

which behaves like a dictionary:

• Setting a session value

request.session["fav_color"] = "blue"

• Getting a session value:

fav_color = request.session["fav_color"]

• Clearing a session value

del request.session["fav_color"]

• Checking if a session key exists

if "fav_color" in request.session:
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

3. Setting Test Cookies

Django provides an easy way to test whether a user’s browser accepts cookies.

request.session.set_test_cookie() in a view, and check request.session.test_cookie_worked() in a

subsequent view—not in the same view call.

This split between set_test_cookie() and test_cookie_worked() is necessary due to the way cookies
work. When you set a cookie, you can’t actually tell whether a browser accepted it until the
browser’s next request.

It’s good practice to use delete_test_cookie() to clean up after yourself. Do this after you’ve
verified that the test cookie worked.

4. Using Sessions Outside of Views

Sessions can also be managed directly through Django’s session model:

from django.contrib.sessions.models import Session

s = Session.objects.get(pk='2b1189a188b44ad18c35e113ac6ceead')

session_data = s.get_decoded()

5. When Sessions Are Saved

By default, Django saves the session to the database only if it has been modified:

request.session['foo'] = 'bar' # Modified

del request.session['foo'] # Modified

request.session['foo'] = {} # Modified

request.session['foo']['bar'] = 'baz' # Not Modified.

• To save the session on every request, set SESSION_SAVE_EVERY_REQUEST to True.

6. Browser-Length Sessions vs. Persistent Sessions

• Persistent sessions (default): Cookies are stored for SESSION_COOKIE_AGE seconds

(default: two weeks).

• Browser-length sessions: Set SESSION_EXPIRE_AT_BROWSER_CLOSE to True to

use browser-length cookies.

 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

7. Other Session Settings

• SESSION_COOKIE_DOMAIN: Domain for session cookies.

• SESSION_COOKIE_NAME: Name of the session cookie.

• SESSION_COOKIE_SECURE: Use secure cookies (only sent via HTTPS).

USERS AND AUTHENTICATION

1. Django Auth/Auth System Overview

• Authentication: Verify user identity using username and password.

• Authorization: Grant permissions to users to perform specific tasks.

2. Components of the Auth/Auth System

• Users: Registered users on the site.

• Permissions: Flags indicating user capabilities.

• Groups: Labels and permissions for multiple users.

• Messages: Queue and display system messages.

1. Enabling Authentication Support

2. Using Users
3. Logging In and Out
4. Limiting Access to Logged-in Users
5. Limiting Access to Users Who Pass a Test
6. Managing Users, Permissions, and Groups – creating a user,changing password, handling
registration
7. Using Authentication Data in Templates

1. Enabling Authentication Support

• Ensure the session framework is installed.
• Add 'django.contrib.auth' to INSTALLED_APPS and run manage.py syncdb.
• Include 'django.contrib.auth.middleware.AuthenticationMiddleware' in
MIDDLEWARE_CLASSES after SessionMiddleware.
# settings.py
INSTALLED_APPS = [
'django.contrib.auth',
]
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

MIDDLEWARE_CLASSES = [
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
]
2. Using Users
Anonymous User objects emulate some of this interface, but not all of it, so you should always check
user.is_authenticated() before assuming you’re dealing with a bonafide user object.
3. Logging In and Out
• Use auth.authenticate(username, password) to verify credentials.
• Check if a user is authenticated with request.user.is_authenticated()
• Use auth.login(request, user) to log in a user.
• Use auth.logout(request) to log out a user.
if request.user.is_authenticated():
# Do something for authenticated users.
else:
# Do something for anonymous users.
4. Limiting Access to Logged-in Users
The simple, raw way to limit access to pages is to check request.user.is_authenticated() and redirect
to a login page:
As a shortcut, you can use the convenient login_required decorator
from django.contrib.auth.decorators import login_required
@login_required
def my_view(request):
# ...
login_required does the following:
• If the user isn’t logged in, redirect to /accounts/login/, passing the current absolute URL in the
query string as next, for example: /accounts/login/?next=/polls/3/.
• If the user is logged in, execute the view normally. The view code can then assume that the user is
logged in.
5. Limiting Access to Users Who Pass a Test
Limiting access based on certain permissions or some other test, or providing a different location for
the login view works essentially the same way.
user.permissions.add(permission1, permission2, ...)
user.permissions.remove(permission1, permission2, ...)
user.permissions.clear()
 SJB Institute of Technology, Bangalore – 60
BACHELOR OF ENGINEERING
DEPARTMENT OF INFORMATION SCIENCE & ENGINEERING

6. Managing Users, Permissions, and Groups – creating a user,changing password, handling registration
• Admin interface provides an easy way to manage users and their permissions.
• Low-level APIs available for absolute control over user management.
user.groups.add(group1, group2, ...)
user.groups.remove(group1, group2, ...)
user.groups.clear()
user.permissions.add(permission1, permission2, ...) user.permissions.remove(permission1,
permission2, ...)
user.permissions.clear()
7. Using Authentication Data in Templates
• {{ user }} template variable for accessing the current user.
• {{ perms }} template variable for checking user permissions within templates.

Prepared By,
Ranjitha J
Assistant
ProfessorDept, of
ISE
SJB Institute of Technology