In Django project, there is a default User model, because in the database, there is auth_user table:
So, when I create a the User model in models.py, whether I should inherit the django's User or inherit models.Model? Because I should use the permissions in my project.
EDIT
and, what's the Django's User model? if is the django.contrib.auth.models.AbstractUser?
How to custom permissions:https://docs.djangoproject.com/en/1.11/topics/auth/customizing/#custom-permissions. And in terms of editing the default User model, you can either extend the user model or custom the user model, but normally you should extend the user model because you don't need to also custom the authentication system, django already provide a default authentication system associate with the User model. But if the default authentication system or User model doesn't fit your need, you can also make your own User model and authentication system, check this for detail: https://docs.djangoproject.com/en/1.11/topics/auth/customizing/#substituting-a-custom-user-model
Related
For a project (my own pet project) I am doing, I have an app called 'staff'. The ideas is 'staff' will contain list of all staff members in my organization. Now, they have to have an ability to login to the system and check what assets were assigned to them. The question is which built-in model (User, AbstractBaseUser, or AbstractUser) I should use for the 'staff' app? I've started with models.Model, however, I am thinking it might not be correct choice.
You can use the default User model that has a boolean field called is_staff. Then allow only user with is_staff==True to use the restricted system. You can change the value of is_staff in the admin interface. If you want a custom User model, subclass AbstractUser in the models of your staff app, then add this in your settings (if you want that your custom model is used for authentication): AUTH_USER_MODEL = 'AppName.CutomUserModelName'
Let's say I am building a social networking website that has nothing do with admin and superuser. But I still have to include these fields while making custom user model. This is going to be a simple model that has user's profile information not that user is admin or superuser.
Can anyone explain why do we always need these fields to be there. Can we get rid of them and still create a Custom user model or do we always need them.
There is no constraint mentioned in the Django documentation that the AUTH_USER_MODEL specified should have is_superuser or is_staff flags. The minimum requirements for creating a custom user model is specified here
It is upto your business requirement to decide whether or not to follow them. But if your auth model does not have those flags, then it will not be possible for even you (the admin) to access the admin portal. So there is no harm in having the flag turned off for everyone.
I have extended user model in my project and need to update its field (last online) whenever user has authenticated. I use DRF and IsAuthenticated in permission classes, what is the best way to trigger update event?
I have a question about django's user inheritance.
I have gone through docs of django where I have seen inheritence of User model if I want to register the user through email and password.
My questions :
What will be the difference on default User model and Custom User model that I will make ?
Can I use the permissions and add group in the Custom User model ?
And also what if I want to inherit django's default User in my model ?
class Person(User):
address = models.CharField(max_length=100)
def __unicode__(self):
return self.address
Here the user model is django's default User model ?
Can I inherit like that ?
based on django specifying a custom user model
The easiest way to construct a compliant custom User model is to inherit from AbstractBaseUser. AbstractBaseUser provides the core implementation of a User model, including hashed passwords and tokenized password resets.
Alse Extending the existing User model can be a good option.
I am really stuck in my project right now. I am trying to implement Oauth2 for my app. I found out about django-oauth2-provider a lot and tried it. The only problem is, it uses the User model at django.contrib.auth. The main users of our site are saved in a custom model called User which does not inherit from or extend the model at django.contrib.auth.
Is there any way to use my custom User model for creating clients and token?
If django-oauth2-provider can't be used for this purpose, can anyone recommend me some oauth2 library with the option to implement oauth2 with my own model.
Sincerely,
Sushant Karki
As the previous answer suggested, you should extend AbstractUser from django.contrib.auth.models.
The problem with the access token that the OP referring to, occur when changing the setting AUTH_USER_MODEL AFTER django-oauth2-provider was migrated.
When django-oauth2-provider is migrated, it creates a key constrain between the User model and django-oauth2-provider.
The solution is very easy:
Create your new User model and change the AUTH_USER_MODEL setting.
Go to the django_migration table in your database.
Delete all rows of django-oauth2-provider.
run python manage.py makemigrations
run python manage.py migrate
Now, the django-oauth2-provider tables are connected to the RIGHT User model.
django-oauth2-provider fetches the user model using settings.AUTH_USER_MODEL, with a fallback to auth.User. If you extend AbstractUser your User model will include all the fields of auth.User plus any additional fields you specify.
from django.contrib.auth.models import AbstractUser
from django.db import models
class User(AbstractUser):
some_additional_field = models.BooleanField(default=False)
Specify the user model to be used like this in settings.py:
AUTH_USER_MODEL = 'user_api.User'
If you don't want to base your user on AbstractUser you'll also need to write your own user manager, e.g. by extending the BaseUserManager
You can read more about ways to customize django's user model here.