Reputation: 320
Restrict Django admin to only allow super-users
I'm currently building an Django app that is using an LDAP authentication backend. Because of this all ldap authenticated users are also allowed to login to the admin interface. Is there a way I can lock down the admin interface to only super users?
Upvotes: 2
Views: 1494
Answers (1)
Reputation: 239250
That shouldn't be the case. Just because there's a user account doesn't mean it can be used to login to the admin.
In order to access the admin, User.is_staff == True, and it's not by default. Simply only set the flag on actual users you want to be able to login to the admin, and you're good.
If for some reason LDAP users have been added with is_staff set to True, you can simply do:
User.objects.update(is_staff=False)
And then, just for the users you want to grant access to:
u=User.objects.get(username='admin_user')
u.is_staff = True
u.save()
Upvotes: 5
Related Questions
- how to not let staff or admin users edit superusers
- I want Staffuser in Django not to see any superusers
- Django - Is there any way to hide superusers from the user list?
- How to Allow Superusers to access Django Admin Panels
- How do I restrict non-superuser users in Django admin from choosing all user groups/permissions?
- allowing only super user login
- Restricting admin urls to already authenticated superusers in Django
- Create a django superuser but never let it login
- Django admin -- restricting access by user
- How to prevent super user deletion in Django admin?