I am learning the Django framework.
I have two groups of users: manager and employees.
At the login page, I want to differentiate between these two groups.
If the employee has logged in, then redirect it to the homepage, and if the manager logged in, redirect it to the '/manage' page.
How should I do this in Django?
Just check the user group in you login view :)
You need to look at your AccountAdapter... in your ALLAUTH settings in settings.py set
ACCOUNT_ADAPTER = 'apps.your_app_file.AccountAdapter'
Then in the your_app_file.py:
from allauth.account.adapter import DefaultAccountAdapter
class AccountAdapter(DefaultAccountAdapter):
def get_login_redirect_url(self, request):
if request.user.profile.manager: #or however else you can check
return '/manager_homepage'
else:
return '/employee_homepage'
Related
I'm looking for a way to separate the session handling for the admin part of a site and the frontend.
A person should be able to log in to the admin (only if he has is_staff and/or is_superuser).
He should have to be able to login with another username into frontend.
So basically it's like two separate sessions for the admin and frontend.
Login/Logout and Permission-check functionality is not a problem, different sessions is the problem. Any ideas?
Thanks,
Probably you can't do that unless you have a separate authentication system which is not provided by django. Means, you can use django's auth system for admin users and a separate auth system which for normal users. IMHO, its not very ideal solution if you don't have a separate auth system.
Alternativly, you can write a new middleware for this. In that middleware, you can check if the user is authenticated with an admin user, and if he/she is, then log him/her out of the application and redirect to login page.
Here is an example:
from django.contrib.auth import logout
class RestrictAdminUserInFrontend(object):
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
if request.path.find("/admin/") == -1 and request.user.is_authenticated and request.user.is_superuser:
logout(request)
return redirect('login-page')
response = self.get_response(request)
return response
And add that to MIDDLEWARE settings:
MIDDLEWARE = [
'other middlewares',
'path.to.RestrictAdminUserInFrontend'
]
So, in this approach your admin users will be forced to login using normal user's username and password. But admin site and frontend will use same session.
I am creating a django admin app in which there are two different types of users. One is the admin and another is the simple user.
The problem is I have no idea on how to redirect these users to their own dashboards.
For example, If a user who has created an admin account logs in then he/she should see a admin dashboard. and if a user who has a simple user account logs in then he/she must not be able to see the admin dashboard.
Hey I have no time now to help you too much but I will say you to check this Django ClassView: https://docs.djangoproject.com/en/2.2/ref/class-based-views/base/#redirectview
You can do something like:
class RedirectView(RedirectView):
def get_redirect_url(self, *args, **kwargs):
if self.request.user.is_admin():
return reverse('admin_dashboard')
else:
return reverse('user_dashboard')
If you need extra help ask me and I help you later. Good luck!
Edit: In addition, you should check at the admin dashboard view if the user has the admin role, otherwise return a 403 or a 404.
https://docs.djangoproject.com/en/2.2/topics/http/views/#the-http404-exception
I have login and work page.
I want user to login first and then redirect to work page. This scenario is working fine for me.
However when I try hitting the work page it is giving me error, I am checking it through session variable which I know I am doing it wrong as I am not sure which user is trying to access the page if user tries to hit the work page directly as there will be many users in database. How can I restrict user to hit the work page directly and if user does it should redirect to login page
views.py file method is as follows:-
def chatbox_index(request):
context={}
template_name = "bot/chatbot.html"
**<I have to check here if user session is active or not?>**
return render(request, template_name,context=context)
else:
return render(request,'' ,context=context)
after user login I am creating session and storing in below 2 variables:-
request.session['employee_name'] = employee.usrFirstName
request.session['employee_id'] = employee.id
Django provides login_required decorator for this:
from django.contrib.auth.decorators import login_required
#login_required
def chatbox_index(request):
context={}
template_name = "bot/chatbot.html"
return render(request, template_name,context=context)
I'm new to django. I would like to know if is it possible for Anonymous users not to access my views/template page if they are not logged in to django admin?
Example:
localhost/myviews
localhost/admin
Anonymous user access localhost/myviews > authenticate if logged in to admin > if not, throw error
Use the decorator #login_required. See this.
from django.contrib.auth.decorators import login_required
#login_required(login_url='/login'/)
def secret(request):
return render(request,'after_login.html', {})
I created a very basic login application. The LOGIN_URL, LOGIN_REDIRECT_URL and the LOGOUT_URL work just fine.
The thing is that if i log in succesully and then i close the window (browser) and then i reopen the browser, i can perfectly search the url (the one i am supose to only see if i am logged in) and use the applcation without loggin in again. This is not where it ends: if i open 2 separate browsers: Chrome and Firefox at the same time and i only logged in in ONE, i can use the applicaction from the other browser without problems.
I dont want this to happend. I tried using login_required in the urls.conf for the index view (the page that you can only see if you are logged in) and in the class view, i tried using stronhold, and django-braces. Is ther any other way to do this?. If you want to see any of the code let me know. Im using the login and log out that django implements (auth).
Than you
I know this is an old post but maybe the answer will help others in the future.
if you workflow is class based views you have to use: LoginRequiredMixin
from django.contrib.auth.mixins import LoginRequiredMixin
from django.views import generic
class CreateGroup(LoginRequiredMixin, generic.CreateView):
fields = ('name', 'description')
model = Group
The LoginRequired mixin
When using class-based views, you can archive the same behavior as with login_required by using the LoginRequiredMixin. This mixin should be at the leftmost position in the inheritance list.
https://docs.djangoproject.com/en/2.0/topics/auth/default/
It would seem like you need to wrap the 'private' views with Django's login_required decorator:
from django.contrib.auth.decorators import login_required
#login_required
def my_view(request):
...
This will redirect to LOGIN_URL if the user is not logged in or authenticated.
in the view to the which your login redirects you can add:
def after_login(request,..):
if not request.user.is_authenticated():
redirect('some-non-existence-page-or-404',...)
#Your code
return