I want to create a project in Python, Django. So I will be the admin. I will allow employer to create their system that allows their employee to login. How would I do so? I can't find any documentation on it. Employer will have to create employee account.
I'm assuming that you're already somewhat familiar with Django, and know how to set the system up so that you can create users in the admin page as a superuser. If this is not the case, you would benefit from working through a couple of tutorials on YouTube or one of the courses on Udemy.
A couple of options you have, based on what I think you're trying to do:
You grant the employer staff/admin permissions and allow them to access the Django Admin page so that they can create additional users at will. This would be the easiest way, but could also be the most risky if they do not know what they're doing.
Create custom permissions groups: documentation. If you don't want individual users to create their own accounts, you would need to set up views to allow those with the proper permissions to do it on their behalf.
There are several other options, but a lot of it is going to depend on how/where you plan to deploy your system and how complex you want the whole thing to be. Depending on the content, you might want to look into DjangoCMS, which could offer you everything you're looking for out of the box.
If you can be a bit more specific about A) how you plan to deploy, B) what type of content the site will serve, C) where you plan to deploy it, and D) how Django-savvy the employer will be, it would be easier to provide you with a more comprehensive answer.
Related
I've created a custom user model (AbstractBaseUser) so that user could login into my website.
The problem is that I want to keep using Django's default user and authentication system for the admin so that staff could easily log in and manage stuff.
I saw a lot of tutorials, but all of them instruct me to change the setting AUTH_USER_MODEL, but if I change that I won't be able to keep using Django's default user.
Is there any solution for this?
Thanks in advance.
I have never implemented this myself, but to point you in the right direction, it may be worth having a read through this:
https://docs.djangoproject.com/en/1.10/topics/auth/customizing/#authentication-backends
By the sounds of things you may be able to write an authentication backend for your front end user model, that you can run in tandem with Django's authentication system.
If you could get this to work, I would imagine that you would then have to make sure that the front end user model, once authenticated, can not access the admin part of the site.
For me the million dollar question here is, why do you want to keep the front end and backend users on separate models? They both have the same job, to authenticate the user?
I've created several projects in the past where there are front end users and admin users. Out of the box, without any modification you set the user attribute is_staff=False for front end users and is_staff=True for the admin users; that determines whether or not a user can access the admin part of the site, and I've never had any issues with this approach.
If the front end user (or backend user) desires additional functionality, the simplest solution would be to extend the user model:
https://docs.djangoproject.com/en/1.10/topics/auth/customizing/#extending-the-existing-user-model
Alternatively, you could create a custom user model and use this for both.
If you're willing to provide more details, perhaps I could help further, but unless there's a strong reason for having separate user models, I'd just stick with the one and configure and extend as you need.
I hope this helps.
I want to make a django site which has no profile authentication or signing in. Anonymous users will be able to make a form that will be potentially open to anyone else on the site.
I'd like to do two things:
Somehow limit access to this form to certain people, without on site profiles. Maybe passwords/encryption keys distributed by email? Or secret one-time links using random URL's to make finding them/crawling them difficult, only accessible to those who know about them?
A way that the user who created the form can delete the form. Again, perhaps email a secret password upon creation to whoever created the form, which can let them delete the form?
Are there any Django plug-ins I should look into, or does anyone have tips about how I should go about this? I'm interested in the shareasecret site, and aspects of security in one time links without profile authentication, however, I'm not sure of best practices and ways to go about this sort of thing.
There is no best practice nor a plugin for this use case. It is a common-or-garden, simple use case which should not demand so much code and logic that you look for some plugin or best practice. Just draw the picture you imagine, sit and write your code. If you have any exact problems in your code, then ask a question.
Given the specific site you're trying to recreate has an API, it would appear that the details aren't matched against the user, but the post itself. So simply make a model that has the two things that it requires:
Query Params
SECRET_KEY: the unique key for this secret.
passphrase (if required): the passphrase is required only if the secret was created with one.
So either I'd suggest use the same method yourself, or just use their api.
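The model this answer describes (a secret key in the URL plus an optional passphrase), combined with the emailed delete secret from the question, as an added example that is not part of the original posts. It uses only the standard library; `SecretStore` and its method names are hypothetical, and the dict stands in for a Django model.

```python
import hashlib
import hmac
import os
import secrets

def token_hash(token):
    # Tokens are 256-bit random values, so a fast hash suffices for storage.
    return hashlib.sha256(token.encode()).hexdigest()

def passphrase_hash(passphrase, salt):
    # Passphrases are human-chosen, so use a slow, salted KDF instead.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

class SecretStore:
    """In-memory stand-in for a database table (hypothetical name)."""
    def __init__(self):
        self._rows = {}  # token_hash(view token) -> row; raw tokens never stored

    def create(self, body, passphrase=None):
        view_token = secrets.token_urlsafe(32)    # goes into the shared URL
        delete_token = secrets.token_urlsafe(32)  # e-mailed to the creator only
        salt = os.urandom(16)
        self._rows[token_hash(view_token)] = {
            "body": body, "salt": salt,
            "delete_hash": token_hash(delete_token),
            "pass_hash": passphrase_hash(passphrase, salt) if passphrase else None,
        }
        return view_token, delete_token

    def reveal(self, view_token, passphrase=None):
        # Returns the body once, then destroys it; None on any failure.
        row = self._rows.get(token_hash(view_token))
        if row is None:
            return None
        if row["pass_hash"] is not None and not hmac.compare_digest(
                passphrase_hash(passphrase or "", row["salt"]), row["pass_hash"]):
            return None
        del self._rows[token_hash(view_token)]  # one-time link: burn after read
        return row["body"]

    def delete(self, view_token, delete_token):
        # Creator-side delete: needs the creator's token, not the passphrase.
        row = self._rows.get(token_hash(view_token))
        if row is None or not hmac.compare_digest(
                row["delete_hash"], token_hash(delete_token)):
            return False
        del self._rows[token_hash(view_token)]
        return True
```

A wrong passphrase leaves the entry in place, so a deployed view needs rate limiting or a per-token attempt counter.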
I am about to start designing a multitenant CRM solution.
The interesting libraries that appear are
the list of libraries that can be used are - https://dpaste.de/vvzWw/ (you can suggest edits if you wish as to which libraries would be better for a multi tenant django crm soln)
Now my major question is every instance(tenant) of the crm will have admin.
The django admin provides an awesome admin interface, I want the admin to be able to perform only contact/user management feature from the admin interface, and nothing else, that too only the users that belong to his sub-domain.
Can this be achieved or will I have to design a separate interface for the tenant admin?
YMMV but my own experience is that django-admin is a PITA to customize beyond simple things, and that I get better results writing a custom interface when the users' needs are anything more than simple low-level CRUD (and don't get me wrong, django-admin is really great).
Now restricting which ModelAdmins are available to a given user and restricting the ModelAdmins' querysets according to the current user is definitely not a problem in django-admin, so if that's all you need you can always start that way and only start writing your own admin interface when you find the domain requires something more complex / specialized than what django-admin provides.
I plan to use Google Accounts to authenticate users of my GAE app.
As I understand it, all owners of a Gmail address are considered equal and can be authenticated.
My app provides a free trial mode that requires no login, so I'm only interested in authenticating my paying customers.
Maybe I miss something, but the only distinction between users mentioned in the docs is between admins/non admins.
What is the common practice to authenticate a specific class of users (in my case: paying users) in GAE?
Have a look at gae-boilerplate; it shows how to create a user class using different logins.
If you want to have extra information on users, use a new model, e.g. UserExtra, to add information like paid, etc.
link to boilerplate
I am building a system which serves content on external properties. I would like to track users which have not registered with my site with anonymous unique IDs. Then, if later they register with my site, I can convert them to regular Django users, but still have information related to their preferences and activities when they were anonymous.
Is there a facility to automatically set a user cookie via Django so that if the user is accepting cookies, I have a user session ID to work with?
I'd prefer not to come up with a custom solution if Django has some path to move from Anonymous to Authenticated users.
I suggest you look for sessions. They use cookies, store a unique id into a cookie which is linked to a file on your server containing their data.
https://docs.djangoproject.com/en/dev/topics/http/sessions/
I've looked for a solution to problems like this in the past. Django Lazy Signup (https://github.com/danfairs/django-lazysignup) looks like it should solve your problem and not force you to reinvent the wheel, though, fair warning I haven't personally used the project.