Version 21 (modified by 15 years ago) ( diff ) | ,
---|
Message Passing For Anonymous Users
Proposal for 1.2: Django should include a contrib app, independent of contrib.auth, that facilitates message passing to anonymous users.
For more information see:
- Ticket #4604
- http://groups.google.com/group/django-developers/browse_thread/thread/eba93088c649022b
- http://www.caktusgroup.com/blog/2009/06/19/towards-a-standard-for-django-session-messages/
Justification
Reasons why an alternative to the existing functionality (user.message_set.create) is needed:
- It's not possible to create messages for anonymous users
- If the same Django user is logged in twice on different computers simultaneously, they see each others' messages
- User messages may get wiped even if they're not actually displayed to the user
- High-load sites want to avoid the unneeded database or cache usage
Reasons why a standard needs to be endorsed by Django and a 3rd party app will not suffice:
- The built-in implementation is broken for a large set of use cases (above); the fact that Django actively encourages this method of messaging is a bad thing
- Reusable apps don't know what 3rd party system to use and hence cannot rely on providing session feedback
Integrating with the Existing API
It is not possible nor desirable to integrate with the existing API because it is tied directly to a related manager on the user model and cannot be extended to support the additional functionality in this proposal (without some ugly hacks). There are several possible solutions to this conflict (we don't really need or want two messaging APIs in the core); feel free to add more:
- In the documentation, case the user messaging API in a vary narrow use; e.g., administrator messages to specific users
- Phase out user messages entirely
Existing 3rd Party Apps
There are a number of good, pre-existing applications out there that support more robust functionality, so there is no need to re-implement a solution from scratch for inclusion in Django. The existing solutions can be combined or modified to meet Django's needs. This section is meant to evaluate some of the different session/cookie message/notification engines out there for potential inclusion in Django as a contrib app. It is a work in progress so please contribute (your notification engine here) or other changes as you see fit.
Criteria
Technical criteria necessary for inclusion in the core:
- Support message passing for anonymous users
- Uses the session only as a fallback: Avoid database/cache queries if possible, but support larger messages that don't fit in a cookie (> 4kb) when needed
- Don't lose messages if they're not displayed to the user (lazy message loading)
- Signs cookie-based messages
- Avoids pickling because of the obvious security concerns
- Provide a standard, intuitive interface so that reusable apps can provide feedback related to the current session
- Supports different, configurable "classes" (e.g., info, warning, error, etc.) of messages
Community criteria necessary for inclusion in the core:
- Needs community approval/support
- Needs to be the "de facto" standard implementation
Available Options
Name and Link | Anonymous user support | Session Fallback | Lazy loads messages | Signed cookies | Avoids pickling | Standard interface | Classed Messages |
django-notify | yes | yes | yes | yes | no | yes | yes (via "tags") |
django-flash | yes | no | no | yes | no | no | yes (but not in a standard way) |
django-flash-status | yes | no | no | yes | no | yes | yes, "errors" or "statuses" |
django-cnotes | yes | no | no | yes | no | yes | no |
django-notices | yes | no | yes? | no (no cookie support) | n/a | yes | yes |
- yes means yes, always or, at least, can be configured to do this
- no means no, not in the current implementation
- n/a means not applicable
Please update this table with new options or corrected information as necessary.
Potential API
The API is under discussion on the django-developers list. Following are a few different iterations of what it might look like:
from django.contrib import messages request.messages.add('message', messages.INFO) # or request.messages.add('message', classes=(messages.WARNING,)) # or request.messages.error('message')
Using messages in your template:
{% if request.messages %} <ul class="messages"> {% for message in request.messages %} <li{% if message.tags %} class="{{ message.tags }}"{% endif %}>{{ message }}</li> {% endfor %} </ul> {% endif %}
django-notify
django-notify is the current front-runner in terms of technical features so a sampling of the potential API is included below. Feel free to include the API(s) of other solutions as well for comparison. It is understood that, should django-notify be chosen, this may (and probably will) change prior to inclusion in the core.
Add the middleware to your MIDDLEWARE_CLASSES setting (after SessionMiddleware):
'django_notify.middleware.NotificationsMiddleware',
Add the context processor into your TEMPLATE_CONTEXT_PROCESSORS setting:
'django_notify.context_processors.notifications',
Add a temporary notification message like this:
request.notifications.add('Hello world.') # You can optionally provide a string containing tags (which is usually represented as HTML classes for the message). request.notifications.add('Your rating is over 9000!', 'error')
Use notifications in your template:
{% if notifications %} <ul class="notifications"> {% for message in notifications %} <li{% if message.tags %} class="{{ message.tags }}"{% endif %}>{{ message }}</li> {% endfor %} </ul> {% endif %}
TODO Once a Solution is Chosen
- Clean up the API, if necessary, to make it the de facto standard implementation for Django
- Review the code and make any additional feature changes necessary to support the technical criteria necessary for inclusion
Other Considerations
- This app will ideally take advantage of the cookie signing API that is also proposed for 1.2.