Create a staff user in django

Question

I want to create a signup system with django . and I create a user with a class that is on forms.py and extends UserCreationForm . and I run server and fill the form and user is created but I cannot login with this user on the login page of django and it says me the user is not a staff user how to make my user staff ???

forms.py :

class ModelNameForm(UserCreationForm):

    email = forms.EmailField(required=True)

    class Meta:
        model = User
        fields = (
            'username' ,
            'first_name' ,
            'last_name' ,
            'email' ,
            'password1' ,
            'password2'
        )

    def save(self, commit=True):
        user = super (ModelNameForm , self ).save(commit=False)
        user.first_name = self.cleaned_data ['first_name']
        user.last_name = self.cleaned_data ['last_name']
        user.email = self.cleaned_data ['email']

        if commit :
            user.save()

        return user

views.py :

def register (request):

    form = ModelNameForm (request.POST)

    if form.is_valid():
        form.save()
        return HttpResponseRedirect('/thanks')

    else:
        form = ModelNameForm()

        args = {'form' : form }
    return render(request , 'signup.html' , args)

Answer 1

I added user.is_staff = True in a separate form for creating staff users and I used another form for creating regular users. So that I am able to prevent all new users from becoming staff users.

I am using custom user model. Following is the code for creating staff users:

forms.py

class StaffCreationForm(forms.ModelForm):
"""
A Custom form for creating new staffs.
"""
    class Meta:
        model = get_user_model()
        fields = ['name','phone']

views.py

def register_staff(request):
if request.user.is_superuser: # giving access to superuser only.
    form = StaffCreationForm()
    if request.method == 'POST':
        form = StaffCreationForm(request.POST)
        if form.is_valid():

            phone = form.cleaned_data.get('phone') # obtaining data from fields.
            name = form.cleaned_data.get('name')

            user = User.objects.create_user(phone = phone, name = name) # assigning obtained data to model variables and save user as staff.
            user.is_staff=True
            user.save()

            message = ('%(name)s is added as a staff.') % {'name': name} # flash message for successful registration.
            messages.success(request, message)
            return redirect('staff')
    context = {'form':form}
    return render(request, 'registration/add_staff.html', context)
else:
    return render(request, 'error-404.html')

urls.py

urlpatterns = [
    path('add_staff', register_staff, name = 'staff'),
]

add_staff.html

<form method="POST">
    {% csrf_token %}
        {% for message in messages %}
            {% if message.tags %}
                <div class="alert alert-{{message.tags}}">
                    {{message}}
                </div>
            {% endif %}
        {% endfor %}
    {{ form|crispy }}
    <input type="submit" class="btn btn-primary" value="Add Staff">
</form>

Answer 2

You can add user.is_staff = True in your ModelForm save method. But this is not safe because all new users will became staff users and they will have access to your admin page.

More safe way is create superuser and give access to another users manually in your admin. You can create superuser by this:

python manage.py createsuperuser

And after this you can to login with your superuser credentials to your django admin page. If need to give staff rights to users you have to open your admin page with superuser account, then click Users and find user. Open this user and click checkbox is staff.

Answer 3

you can do that by adding

user.is_staff = True in your the model form save method