Differentiate request from admin portal and from basic API - Django/REST - python

I was wondering if it was possible to differentiate a request from the Django administration portal from a request from the API?
For example, using permissions, a user would not be able to delete an instance with a basic API call. But the same user through the admin portal would be able to delete the instance.
I tried to look at the parameters of the request object but didn't find anything that can be used.
In my ideal case: User A can delete objects through the admin dashboard but the same User A cannot delete objects when not using the admin dashboard.

Related

Django ContentType and generic relationship

I need a proper and detailed explanation and understanding of how Django content type model works and the use and purposes of generic relationships. I am trying to create an anonymous chatting app where users can come and register and other people can send them messages whether registered or not through a link the user created and they would not know who sent it.

User role based view in django CBV

I am using django class based view for my web application. I am using django auth class for user sign up and login. In my app, users can be of more than 3 types. Every type of user will have more or less different privilege in the type. I don't know how I can manage different types of users.
So I need advice how can I implement this.

Django social authentication with registration extra fields

I want to do a social authentication with Google and Facebook. For that I have used social-auth-app-django. When I log in using Google, it will directly create an account in the django user model and redirect to my URL. But I want to fill in extra required details of the user, and after entering the details, create the user after the user's confirmation. I don't want to directly log in the new user and redirect to my authenticated page.
Any suggestion is always appreciated.
Thanks.
That's basically the purpose of the partial pipelines feature on python-social-auth (docs). The idea is to pause the authentication flow at any time and resume it later, it's commonly used to ask for more details to the user, or to just send a validation email.
Check the example application here, in the settings it overrides the default pipeline with one that will ask the user for their email address.

Persist Django user in session

I am using RemoteUserMiddleware to authenticate with VAS.
Right now I set it up so the REMOTE_USER variable gets set only for my SSO login URL (/accounts/login/sso/), because I must allow my users to login via forms (for users not present in our SSO system). According to my debugging, the user gets authenticated correctly in VasMiddleware (which extends RemoteUserMiddleware to pre-process REMOTE_USER), but after the user gets redirected to the home page (/), authentication is lost.
How can I persist the information that user has been logged in?
Django 1.9 will have a PersistentRemoteUserMiddleware, which will work when the authentication header is only present on the login page.
If you look at the patch, it shouldn't be too hard to do something similar in Django 1.8. I would try overriding process_request so that it doesn't call self._remove_invalid_user(request) to log out your user (that might end up duplicating a lot of code), or overriding _remove_invalid_user itself.

user system with social authentication in django

I've read about a lot of different apps for django for integrating social authentication into django projects. But I'm having some trouble understanding how this integration works.
Does it extend the default USER models? Where do I find that kind of information in the applications?
I basically need a user system that has groups (for permission purposes). The user would be able to register using a common registration process or facebook. Will I be able to achieve that with any kind of application?
Thanks in advance.
There is an app called django-allauth. If you read their official documentation, it is pretty easy to follow. As per their instructions, you install the core app, and any other authentication you need (like facebook, oauth which google uses). Then, you have to go to facebook, get developers key, and add it to your django admin.
Basically, when somebody tries to log in using facebook, the sign-in process sends the keys to facebook and checks if the user exists. If it does, then the authentication app creates the user on the backend, just like a normal sign-in process. You can get javascript from facebook to make a login window.
