I want to create a membership website where users can log in to a control panel separated from the admin panel.
Inside the control panel users can edit their settings, view statistics and use paid services.
What are the plugins I need to build this kind of website?
How can I improve the security and automate the workflow?
Start with the basic User module that comes with Django. When adding more settings to a user, you must create another model UserProfile that is linked to the base User model.
    from django.contrib.auth.models import User
    from django.db import models

    class UserProfile(models.Model):
        # The base User model takes username, password and email
        user = models.OneToOneField(User, on_delete=models.CASCADE)
        # For the "paid services" you could use a boolean field and evaluate in your template
        premium = models.BooleanField(default=False)
        # Alternatively, a field that links to the services, which you'll have to include in your models.py
        account_type = models.ManyToManyField(Service)
Make sure you have 'django.contrib.auth' and 'registration' in your INSTALLED_APPS in your project's settings.py, and work using those apps if they suit you.
For security, check https://docs.djangoproject.com/en/1.10/topics/security/
Related
The password for newly created users is shown publicly on the admin console models. Why is that and how do I do it correctly?
Furthermore, I am not actually able to log in with any of the new users created in the Accounts_app. I am able to log in only with the python manage.py createsuperuser user I created at an early point in the project.
Here is the models.py
    from django.contrib.auth.models import AbstractUser

    class ProjectUser(AbstractUser):
        def __str__(self):
            return self.username
Here is the settings.py
    PASSWORD_HASHERS = [
        'django.contrib.auth.hashers.Argon2PasswordHasher',
        'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
        'django.contrib.auth.hashers.BCryptPasswordHasher',
        'django.contrib.auth.hashers.PBKDF2PasswordHasher',
        'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    ]
    AUTH_USER_MODEL = 'accounts_app.ProjectUser'
Here is my admin view
To create the user, I click "Add User" in the app admin view.
Here is the apps.py file
    from django.apps import AppConfig

    class AccountsConfig(AppConfig):
        name = 'accounts_app'
Here is the admin.py file
    from django.contrib import admin
    from accounts_app.models import ProjectUser
    # Register your models here.
    admin.site.register(ProjectUser)
Although you set ProjectUser to be the AUTH_USER_MODEL, you registered it in the admin as a standard model, not the user one. You need to use the user admin, as shown in the docs, since this takes care of hashing the password:
    from django.contrib import admin
    from django.contrib.auth.admin import UserAdmin
    from accounts_app.models import ProjectUser
    admin.site.register(ProjectUser, UserAdmin)
You'll need to delete and recreate the users you generated via the admin before changing this.
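Why the accounts saved through the plain admin form cannot log in, and how to find them, as an added example that is not part of the original answer. It re-implements Django's pbkdf2_sha256 storage format with the standard library only; the function names and the sample rows are constructed for illustration.

```python
# Added example (not from the original thread): stdlib-only illustration of
# Django's '<algorithm>$...' password storage format and an audit for raw values.
import base64
import hashlib
import hmac

# Algorithm prefixes of the hashers listed in the question's PASSWORD_HASHERS.
KNOWN_ALGORITHMS = {"argon2", "bcrypt_sha256", "bcrypt", "pbkdf2_sha256", "pbkdf2_sha1"}


def encode_pbkdf2_sha256(password, salt, iterations):
    """Build 'pbkdf2_sha256$<iterations>$<salt>$<base64 hash>'."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    b64 = base64.b64encode(digest).decode("ascii")
    return f"pbkdf2_sha256${iterations}${salt}${b64}"


def looks_hashed(stored):
    """True if the stored value starts with a known '<algorithm>$' prefix."""
    algorithm, sep, _ = stored.partition("$")
    return bool(sep) and algorithm in KNOWN_ALGORITHMS


def verify(password, stored):
    """Check a login attempt; a value with no recognised prefix never matches."""
    if not looks_hashed(stored):
        return False  # same outcome as check_password() on an unidentifiable value
    algorithm, iterations, salt, _ = stored.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        raise NotImplementedError("only pbkdf2_sha256 is re-implemented here")
    expected = encode_pbkdf2_sha256(password, salt, int(iterations))
    return hmac.compare_digest(expected, stored)


def audit(rows):
    """Return usernames whose password column holds something other than a hash."""
    return [name for name, stored in rows if not looks_hashed(stored)]


# Constructed sample rows: (username, value of the password column).
SAMPLE_ROWS = [
    ("root", encode_pbkdf2_sha256("s3cret-admin", "c29tZXNhbHQ", 30000)),  # createsuperuser path
    ("alice", "alice-password-1"),  # typed into the plain ModelAdmin form, stored raw
]

if __name__ == "__main__":
    print("accounts to recreate or reset:", audit(SAMPLE_ROWS))
```

Any account the audit returns has had its password stored in clear text, so treat that password as exposed when recreating the user.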
First of all, what do you want to do, extend or customize the User Model?
If you want to extend it, a foreign key is enough. For this, the Django project recommends using OneToOneField(User).
In this case, see the link below.
https://docs.djangoproject.com/en/2.1/topics/auth/customizing/#extending-the-existing-user-model
On the other hand, if you want to customize the User model, you must do this before doing the migrations. The initial setup must have your customization. You can create an app only for the User Model customization.
In this case, see the links below.
https://docs.djangoproject.com/en/2.1/topics/auth/customizing/#substituting-a-custom-user-model
https://wsvincent.com/django-tips-custom-user-model/
I hope this helped you
I am trying to make a custom form for a model in the django admin area with a select field that is created on submit based on the request.user. The user would then pick from the select and it would save specific settings to the model.
The model:

    from django.contrib.auth.models import User
    from django.db import models

    class Thing1(models.Model):
        user = models.ForeignKey(User, on_delete=models.CASCADE)
        setting_1 = models.BooleanField(default=False)
        setting_2 = models.BooleanField(default=False)
        setting_3 = models.BooleanField(default=False)
But instead of having the user set the settings fields manually, I'd like to display a Select with something like:
- Default Settings
- Other Settings
And the user would select one and the system would save the settings booleans accordingly. The actual options of the select depends on the user, so I need request.user to be able to build that select field. I don't seem to have access to request in the ModelForm.
So I know that I can exclude the settings fields from the model in django admin, but how do I get the form to include the select with the correct things in the select options for the user and then have it save the correct settings in the model on save?
I've read a bunch of other questions about custom django admin fields and got some ideas, but don't have a clear picture.
I have managed to add an additional field to the Registration form, "where did you hear about us?".
But I am not sure which files to edit in order to store the data from this field along with the users info.
i.e. when I log into the Admin section, go to "users" and view a user's info, I would like to see this field there.
Simplest way would be to store additional data in a UserProfile model about the user, e.g.
    from django.contrib.auth.models import User
    from django.db import models

    class UserProfile(models.Model):
        # This field is required.
        user = models.OneToOneField(User, on_delete=models.CASCADE)
        # Other fields here
        where_heard_about_us = models.TextField()
You can then register the object as an inline object in your Django Admin
I'm trying to set up a permissions decorator in my Django app. The docs mention it and nowhere could I find explained what this codename represents (a model field? a model method? a permissions method?).
What is the codename and where can I setup codenames?
https://docs.djangoproject.com/en/1.9/topics/auth/default/#the-permission-required-decorator
You can add custom permissions to any model under its Meta class. Those permission names are called codenames. It goes like this:
    from django.db import models

    class Dish(models.Model):
        name = models.CharField(max_length=100)  # CharField requires max_length

        class Meta:
            permissions = (
                ('can_approve_dish', "Can approve Dish publication"),
                ('can_delete_dish', "Can Delete Dish"),
            )
Here, can_approve_dish is a codename. Now, to perform any operation on Dish, you can check for permission like this:
    # Assuming Dish model is under app named - `'app'`
    if user.has_perm('app.can_delete_dish'):
        dish.delete()
These permissions would be available on admin site to be assigned to users after migration. So, if you haven't assigned a can_delete_dish permission to a user, he won't be able to delete that dish.
If you've added different permissions on multiple models under the app named - app, all those permissions will come under the name app. That means you have to have unique codenames across models in the same app.
I am trying to write a custom get_profile() function which should create a user profile for users who are registered through admin or any other way where post_save was not called.
How can I start this?
I guess that you have a model to handle user profile like this:
    from django.contrib.auth.models import User
    from django.db import models

    class UserProfile(models.Model):
        """Contains user profile fields not provided by User model"""
        user = models.OneToOneField(User, on_delete=models.CASCADE)
        # Defined User profile fields like picture, phone, etc

So adding the following line (maybe in your models.py after the UserProfile model):

    User.profile = property(lambda u: UserProfile.objects.get_or_create(user=u)[0])

Allows access to the profile of a user (i.e. in templates: {{ user.profile.phone }}), creating it if it does not exist.
This is the way I solved in my site a problem like you describe.
Hope this helps
I am a bit confused. Are you trying to let users create an account and sign in? Then use django-registration, which is easy and works out of the box.