I want to create a custom admin panel.
The admin panel has two main functions: user management and token management.
I completed everything else, but I struggled with token management.
When the admin user adds a new user, it will generate a token,
and in the users_list view I can see all fields with the token.
Please suggest some ideas on how to do this.
Related
I created a mock user profile in Django admin in the admin/auth/user view and assigned the user with all permissions (active, staff status, superuser status). In admin/<app_name>/user I gave the user all authorization permissions. This user was created to test different permissions set for them on the admin panel. I have verified that this user model was created.
In the Django admin panel with the mock user, when I hit view site and enter the home view of the django application, the post request to the home page returns a different user as opposed to the current admin. Why is the HTTP request rendering a different user instead of the admin user? In the following example, my Admin site welcomes the mock user I created (Test), but when I click 'View Site' the user is different from the 'Test' user. I only have 2 users created for the Django app.
I am creating a django admin app in which there are two different types of users. One is the admin and another is the simple user.
The problem is I have no idea on how to redirect these users to their own dashboards.
For example, if a user who has created an admin account logs in, then he/she should see an admin dashboard, and if a user who has a simple user account logs in, then he/she must not be able to see the admin dashboard.
Hey, I have no time right now to help you much, but I would suggest you check this Django class-based view: https://docs.djangoproject.com/en/2.2/ref/class-based-views/base/#redirectview
You can do something like:
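from django.urls import reverse
from django.views.generic import RedirectView

class DashboardRedirectView(RedirectView):
    def get_redirect_url(self, *args, **kwargs):
        # is_admin() is assumed to exist on a custom user model;
        # Django's stock User has is_staff / is_superuser instead.
        if self.request.user.is_admin():
            return reverse('admin_dashboard')
        else:
            return reverse('user_dashboard')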
If you need extra help, ask me and I will help you later. Good luck!
Edit: In addition, you should check at the admin dashboard view if the user has the admin role, otherwise return a 403 or a 404.
https://docs.djangoproject.com/en/2.2/topics/http/views/#the-http404-exception
I currently use the "Google Accounts API" to allow users to login to my GAE app. So I use users.create_login_url and users.get_current_user and add an ndb.UserProperty to my own user entity so that I can retrieve data for that user.
I'm now in the process of switching to oauth2 (using authomatic).
I don't know how to handle admin users after the switch to oauth2. I currently use users.is_current_user_admin to detect an admin user, but that won't work if the admin logs in with oauth2.
I see two awkward solutions:
Keep using the Google Accounts API for admin users and have regular users login with oauth2.
Store a list of oauth2 credentials for admin users (hardwired in the code or in the datastore) so admin users will be recognized after login with oauth2.
Is there a better way or should I use one of the above, and if so, which one?
I'll describe how I ended up doing it in case it is helpful for others.
Below is my Login handler. If a user goes to "/login" then it displays login buttons. When a user clicks on a button, the page redirects to, e.g., "/login/google" to do OAuth2 processing.
If I want to login as admin, then I manually enter this URL "/login/gae".
import webapp2
from google.appengine.api import users

# JINJA_ENVIRONMENT, authomatic, Webapp2Session and Webapp2Adapter are
# set up elsewhere in the app.

class Login(webapp2.RequestHandler):
    def get(self, provider=None):
        # Show the login page and allow the user to select a provider
        if not provider:
            template = JINJA_ENVIRONMENT.get_template("login.html")
            self.response.write(template.render())
        # Only for admin login. Use app engine login.
        elif provider == "gae":
            self.redirect(users.create_login_url("/"))
        # The user has selected a provider so we do oauth2 login.
        else:
            session = Webapp2Session(self, session=self.session)
            result = authomatic.login(Webapp2Adapter(self),
                                      provider,
                                      session=session,
                                      session_saver=session.save)
            ...
To allow admin to logout, I conditionally put an admin logout on my web pages by creating this template variable:
logout_url = users.create_logout_url("/") if users.is_current_user_admin() else None
and adding this to my page template:
{% if logout_url %}
<li><a href="{{ logout_url }}">Admin Logout</a></li>
{% endif %}
I have a custom admin page:
from django.contrib import admin

class StripeAdminSite(admin.AdminSite):
    ...
    pass
I have registered django.contrib.auth.models to this admin site:
from django.contrib.auth.models import User

stripe_admin_site = StripeAdminSite(name='Stripe')
stripe_admin_site.register(User)
Now User shows up in the admin page, and it also lets me create users (as staff), but after creation, when I try to log in to the dashboard using them, it does not allow me to do that.
After switching back to default admin site, I got this written in my old users password fields:
Invalid password format or unknown hashing algorithm.
Now what can be done?
More/Extra information: How to bring default add user page at django custom admin page?
The problem is that you did not register the User model with Django's UserAdmin. This means that the password was not hashed properly when the user was created, so they can't log in.
To use Django's UserAdmin, change your code as follows.
from django.contrib.auth.admin import UserAdmin

stripe_admin_site = StripeAdminSite(name='Stripe')
stripe_admin_site.register(User, UserAdmin)
Once you have done this, you will not get this problem for new users that you add in future.
Use the change password link to reset the password for any existing users, and then they should be able to log in.
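Why a password saved without hashing can never log in, as an added example that is not from the original answer and is not Django's own code: a standard-library re-creation of the `algorithm$iterations$salt$hash` layout used by Django's `pbkdf2_sha256` hasher. All function names, the default iteration count and the sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
INVALID = "Invalid password format or unknown hashing algorithm."


def encode_password(raw, salt=None, iterations=600_000):
    """Return 'algorithm$iterations$salt$hash' for a raw password."""
    salt = salt or secrets.token_hex(11)
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    return "$".join([ALGORITHM, str(iterations), salt, base64.b64encode(digest).decode()])


def parse_stored(stored):
    """Split a stored value into (iterations, salt); None if it is not a hash."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return None
    if not parts[1].isdigit() or int(parts[1]) < 1:
        return None
    return int(parts[1]), parts[2]


def verify_password(raw, stored):
    """Login check: an unparseable stored value can never match."""
    parsed = parse_stored(stored)
    if parsed is None:
        return False
    iterations, salt = parsed
    candidate = encode_password(raw, salt, iterations)
    return hmac.compare_digest(candidate.encode(), stored.encode())


def admin_display(stored):
    """What a password field can show: hash parameters, or the error text."""
    parsed = parse_stored(stored)
    return INVALID if parsed is None else f"{ALGORITHM}, {parsed[0]} iterations"


# Constructed sample values.
TYPED = "s3cret-Passw0rd"
SAVED_BY_PLAIN_REGISTER = TYPED  # raw text written straight to the column
SAVED_BY_USER_ADMIN = encode_password(TYPED, iterations=1000)  # low count keeps the demo fast
```

The raw value fails verification even when the user types exactly that password, which is why existing accounts need a password reset after switching to `UserAdmin`.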
I am dabbling a little with Python Django Social Auth using Twitter authentication.
I can login.
But, when I try to log out using django.contrib.auth.logout, it doesn't log out.
What's the way to logout?
Thanks.
Are you trying to log out just from the Django app or do you want to "forget" the Twitter access? Usually the twitter auth token is stored for simplified login the next time a user wants to connect to twitter, so the user doesn't have to "accept" the access again.
Django logout
If you just want to logout from the Django auth system, it should be enough to use the django.contrib.auth.views.logout view or to create a custom logout view.
Social auth disconnect
To completely unlink/disconnect a social account, you need to use the disconnect functions in social-auth. You can get the disconnect url using the following template tag:
{% url "socialauth_disconnect" "backend-name" %}
For more information, please refer to http://django-social-auth.readthedocs.org/en/v0.7.22/configuration.html#linking-in-your-templates.
Force approval prompt
Because you've already allowed your app access to the OAuth provider, the auth provider will remember that decision. There are usually two ways to force a confirmation of that access permission:
Revoke the access permission in the management console of your auth provider (e.g. disapprove twitter app access).
Set an extra OAuth argument that forces the approval prompt. I'm not sure if Twitter provides such a thing, but if you're using Google OAuth2 you can simply add {'approval_prompt': 'force'} to the GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS setting.
Do you have a logout view? You need to have a logout view.
Example:
from django.contrib.auth import logout
from django.shortcuts import redirect

def logout_view(request):
    logout(request)
    # Redirect to a success page ("/" is a placeholder destination).
    return redirect("/")
This answer is outdated as django-social-auth is now python-social-auth
See newer Stack Overflow answer here.
Read the docs here
According to the documentation there is a difference between log out and disconnect. In short,
Disconnect - forget the user social account.
Log out - end the current user session and remove any related data (like cookies).
From the question, I assume you still want to allow the user to have the Twitter linked with the account. If you want to disconnect, check this answer.
To log the user out, you can have in your Django settings.py
LOGOUT_URL = "logout"
Then, in your urls.py
from django.urls import path
from django.contrib.auth import views as auth_views

urlpatterns = [
    path("logout/", auth_views.LogoutView.as_view(template_name="registration/logged_out.html"), name="logout"),
]
Then, to log the user out, you can just use in the template something like
Logout
Also, you'll have to create the logged_out.html file in appname/templates/registration/ and include in it whatever you want the logged out user to see.