Quang Tu

Reputation: 44

How to log in and check whether a user is staff before they can access a URL or use a view class?

My problem is: how do I log in and check whether a user is staff before they can access a URL or use a view class?

I want users to log in on the website (not the admin console), and a user who is staff (in the admin console) can post.

And someone who has just created an account on the web (they don't have staff permission) can only log in.

Thank you so much !

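from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic import CreateView

from .models import Post  # assumes Post is defined in this app's models.py


class PostCreateView(LoginRequiredMixin, CreateView):
    model = Post
    fields = ['title', 'content']

    def form_valid(self, form):
        # Record the logged-in user as the author before saving
        form.instance.author = self.request.user
        return super().form_valid(form)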

Upvotes: 1

Views: 4311

Answers (4)

Alvaro Rodriguez Scelza

Reputation: 4174

If you are using DRF, you can use IsAdminUser:

from rest_framework import mixins, viewsets
from rest_framework.permissions import IsAdminUser

from my_serializers import SomeSerializer


class SomeView(mixins.ListModelMixin, viewsets.GenericViewSet):
    serializer_class = SomeSerializer
    queryset = SomeSerializer.Meta.model.objects.all()
    permission_classes = [IsAdminUser]

It checks that there is a user logged in and that it has is_staff set to True.

Upvotes: 1

Arjun Shahi

Reputation: 7330

If you want only staff users to be able to access the view, then you can use UserPassesTestMixin and LoginRequiredMixin like this:

from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin


class StaffRequiredMixin(LoginRequiredMixin, UserPassesTestMixin):

    def test_func(self):
        # Called on every request; a falsy result denies access
        return self.request.user.is_staff

Now in your PostCreateView you can implement it like this:

class PostCreateView(StaffRequiredMixin, CreateView):
     ......

Upvotes: 2

inmate37

Reputation: 1238

Create a file named: permissions.py

And then you can do something like below:

from django.conf import settings  # ALLOWED_ACTIONS (used below) is a project-defined setting
from rest_framework.permissions import BasePermission


class PermissionMixin:
    '''
        Initializes user permissions
    '''
    def __init__(self):
        self._actions = ()
        self._user = False
        self._admin = False

    def _initialize_permissions(self, request):
        self._actions = settings.ALLOWED_ACTIONS
        self._user = request.user and request.user.is_active
        self._admin = self._user and request.user.is_superuser


class AdminsOnlyPermission(BasePermission, PermissionMixin):
    '''
        Determines operations that can be performed by admins only
    '''
    def has_permission(self, request, view):
        self._initialize_permissions(request)

        if view.action in self._actions:
            return self._admin
        else:
            return False

Upvotes: 1
