CODEWITHSUNDEEP
pythondjangoauthentication
Alex
Alex

Reputation: 929

Authentication User Django Depending on the User

I'm stuck on my django project, I used django default login system, everything works great here, I have 3 users, the first one gets an "Admin Panel" the second one gets a "Capture info panel" and the Third one can only sees the content printed by the other 2 users.

Myy questions are:

What do I need to give permissions to each user? How can I redirect each panel to their respective user?

P.S. I already have the templates to each panel with their urls and views but I don't know how to show them.

Thanks in advance for taking your time to answer this newbies question but I just started working with this framework a week ago.

Update

Now I get a 404 error, instead of getting the page where I supposed to redirect.

This is my urls.py

from django.conf.urls import patterns, include, url
from .views import PanelRedirectView,PanelCapturista

urlpatterns = patterns('',

url(r'^$' , 'django.contrib.auth.views.login', {'template_name':'inicio/index.html'},
    name='login'),

url(r'cerrar/$' , 'django.contrib.auth.views.logout_then_login', name='logout'),

url(r'^panel-capturista/$' , PanelCapturista.as_view() , name="panel-capturista"),

)

My views .py

from django.core.urlresolvers import reverse_lazy
from django.views.generic.base import RedirectView,TemplateView


class PanelRedirectView(RedirectView):

    def get_redirect_url(self, *args, **kwargs):
        user = self.request.user
        if user.groups.filter(name='gerente').count():
            return reverse_lazy('panel-gerente')
        elif user.groups.filter(name='capturista').count():
            return reverse_lazy('panel-capturista')
    else:
        return reverse_lazy('cliente')

class PanelCapturista(TemplateView):
    template_name = 'capturista/panel-capturista.html'

Upvotes: 1

Views: 647

Answers (2)

Jeff Miller
Jeff Miller

Reputation: 588

What do I need to give permissions to each user?

What you're going to want here is a Group for each type of user (https://docs.djangoproject.com/en/dev/topics/auth/default/#groups). E.G. 'Superuser', 'Normal User', and 'Restricted User'. These Groups can be created in the Django Admin Console and then each user can be assigned to their respective groups using the same Django Admin Console (https://docs.djangoproject.com/en/dev/topics/auth/default/#managing-users-in-the-admin).

How can I redirect each panel to their respective user?

You will want to define a RedirectView that forwards to user's request to the expected "panel" view based on the user's assigned group (https://docs.djangoproject.com/en/dev/ref/class-based-views/base/#redirectview).

from django.core.urlresolvers import reverse
from django.views.generic.base import RedirectView

from articles.models import Article

class PanelRedirectView(RedirectView):

    def get_redirect_url(self, *args, **kwargs):
        user = self.request.user
        if user.groups.filter(name='superuser').count():
            return reverse('superuser-panel')
        elif user.groups.filter(name='regular_user').count():
            return reverse('regular-user-panel')
        else:
            return reverse('restricted-user-panel')

You can then use the annotations described by Joran to restricted access to the particular views being redirected to. The example I described uses restrictions based User Groups, whereas his answer uses restrictions based on User Permissions. This is more of a personal preference when dealing with a simple permission scheme like the one you are describing.

* More Details *

To redirect the user on login...

  1. Create a named url for your redirect view in urls.py

    url(r'^panel-redirect/$' , PanelRedirectView.as_view() , name="panel-redirect"),

  2. change LOGIN_REDIRECT_URL in settings.py to point to this redirect view on login

    LOGIN_REDIRECT_URL = reverse('panel-redirect')

When the person logs in they will be redirected to the RedirectView, which in turn will redirect the person to the correct panel based on his/her assigned group

Upvotes: 1

Joran Beasley
Joran Beasley

Reputation: 113948

something like (maybe reinventing the wheel)

class require_permission:
     def __init__(self,permission,redirect="index/denied_access"):
       self.perm = permission
       self.redirect = redirect

    @require_login
    def __call__(self,f):
        def fn(self,request,*args,**kwargs):
           if not request.user.has_perm(self.perm):
               redirect(self.redirect)
           return f(request,*args,**kwargs)
        return fn

 ...

 @require_permission(PERMISSION.CAN_VIEW_ADMIN,'index/capture_info')
 def admin_view(request,*args,**kw):
     return HttpResponse(...)

 @require_permission(PERMISSION.CAN_CAPTURE_INFO,'index/basic_user')
 def capture_view(request,*args,**kw):
      return HttpRespone(...)

 @require_login
 def basic_view(request,*args,**kw):
      return HttpResponse(...)

Upvotes: 1

Related Questions