I have a method in one of my manager where I want to import my forms and pass the user as an argument, then call that method in my view where I want to set form based on the user type.
I just wanted to ask, is it secure to do this? Does this way have any security loophole?
Is it secure? Sure. there’s no “security loophole” that exists within that.
However, my reaction to what you’re asking about is “you really don’t want to do that”.
You have mentioned before that you are looking for your design to be “loosely coupled” between modules, and doing this would be a definite violation of that principle.
A form is a Python representation of an HTML form - something that is managed by a view, like any other template-type feature. Even a ModelForm is still a Form - it is not a model.
So what you’re doing is coupling a Python representation of your database (Model) to the Python representations of your displays (Forms).