I'm currently designing a Django based site. For simplicity lets assume that it is a simple community site where users can log in and write messages to other users.
My current choice is wether to use the buildin User-Model or to build something my own. I don't need much from the buildin User: there will be no username (you e-mail address is you username), but you an set an internal Name of your choice which can be used by multiple users (like Facebook). Additionally, I don't need the permission system, since access to others will not be based on groups. So I would end up using only the email, firstname, lastname and password fields from the buildin User and everything else would be placed in a UserProfile.
On the other hand, the buildin User system will come handy on the backend of the site, since there is the chance I will need a group based permission system there.
All in all, it looks to me, that I rather build my one User Model and use the buildin only for access to the admin backend.
Is there anything wrong with my reflections?
Is there anything wrong with my reflections?
Yes.
My current choice is wether to use the buildin User-Model or to build something my own.
There is a third choice.
http://docs.djangoproject.com/en/1.2/topics/auth/#storing-additional-information-about-users
everything else would be placed in a UserProfile
Correct.
build my one User Model and use the buildin only for access to the admin backend
Don't build your own.
Do this:
If you'd like to store additional
information related to your users,
Django provides a method to specify a
site-specific related model -- termed
a "user profile" -- for this purpose.
As the author of django-primate I would like to add some comments. Django-primate which easily lets ju modify the built in User model is meant for just that. You might need just something a little extra, then use django-primate.
But there are problems, although I do not think modifying the django User model per se is a problem at all. One problem is that the "users" are quite different, the admin user and some other user are often not related. This can cause problems when for example an admin is logged in and then wants to login to the site as a "normal user", they do not expect those accounts to be related and do not expect to be logged in automatically as the admin user. This causes headaches for no reason. It also causes a lot of other headaches to implement the recommended related Profile model, you often need to make sure there is a contrib user for every profile and a profile for every contrib user if you for example want to use the authentication decorators. Forms and administration of "users" make this even more cumbersome. In short: usually something will go wrong in this process at some point, it's a curse.
I have mostly abandoned the contrib User model for anything else but for admins. Building another user model is really what you want, but you also want the authenicating part for that user, hence the common use of django contrib User (using it for the wrong reasons). The best solution if you are in a situation like this is to build your own authenication for that custom user model. This is actually quite easy and I cannot recommend this approach enough. I think that the official recommendation is wrong and that there should instead be good tools for authenticating custom user models built into django.
You might want to have a look at the recently created django-primate: https://github.com/aino/django-primate
I once built a custom user model, inheriting from the default one. It works, however, I wouldn't recommend it.
Currently, you have some requirements, but over time they may change. Django's user system is quite straightforward, and using it allows to adapt more easily to some of the most common use cases.
Another aspect to think about, is that there are several applications already available that you can use, and that may require Django's users. Using your own model, may make usage of such modules much more difficult.
On the other hand, hacking the Django's user system in order to comply with your current requirements may be tricky.
Moreover, migrating a 'Custom-User' to a 'Django-User' is always possible, so you are not really closing that door.
Overall, I think it really depends on what you mean with 'user'.
If you mean just a registration, and no real interaction with the core Django features, then I think a separate model is enough, especially because you can migrate at any time, with relatively little effort.
However, if for your application a 'user' maps to something very similar to the what Django is for, then I would use the Django User-Model.
Related
I have just started developing a bookstore site with Django and I have a question about user authentication.
I want users to have a wallet, shopping cart and additional information for their account such as profile picture, phone number, address, etc. to buy books.
And now I am faced with the dilemma of whether to change the User model itself, or create a Profiles model for each and link it to the User model, or create a separate model (in other words, the authentication system) and do everything from scratch.
Now I have started building a separate authentication system. Everything was going well until I had problems in sending and receiving user data in the template contexts.
Finally, in general, I want to know if Django authentication system is really suitable for all users of a site?
Django is one of the most battle-hardened and well tested 'batteries-included' frameworks out there, so the built-in Authentication is more than acceptable. The Docs have an overview, with a guide on how to extend.
You can make an assessment of 3rd party packages relating to authentication here, and make a judgement as to whether or not any of these packages are suited to your e-commerce use-case.
With regards to your User model, its widely considered best practice to begin your project with a custom user model (i.e. before your first migration). The official docs even state this, however some people still prefer the 'old' way of doing this, which is to create a separate 'one-to-one' profile model.
Here is a tutorial about beginning a project with a custom User model.
Here is one about changing mid-project.
If the default Django's User model does not contain everything you need, you can always extend it with your own model. Django docs have it covered with some examples here: https://docs.djangoproject.com/en/4.0/topics/auth/customizing/#extending-the-existing-user-model
By extending the User model you can add additional fields and/or functions to the User model (for example, you can add an image, description, age, relationship status, etc.).
Having said that, I really recommend using Django's authentication backend. It's well-tested and secure.
I am creating a web application, there are 3 types of users superuser, taker and employer how could I implement this by using default authentication of Django.
There are several ways to do this. I would recommend you to keep only one user model (Django’s default or a extended version of it) and then creating several profile. Each profile is a different model with the information related to the user type. This approach has worked for my in the past, but you would need to share more information so we can really know if this is a good approach.
I suggest you to read the post by Vítor Freitas where he explains different strategies, included the one I shared.
Link: https://simpleisbetterthancomplex.com/tutorial/2018/01/18/how-to-implement-multiple-user-types-with-django.html
I have a site that - other than the signup process - will be only used by logged in users. It's my first Django site, and I'm wondering whether I can use the Django user model (slightly extended) to work with all my users, or should it only be used for administrative users such as myself?
Apologies if this is a stupid question. Additionally, and either way, what's the best way to manage user registrations? It'd be awesome if this were built into Django, but it's not, and I read django-registration is relatively abandoned. Any recommendations welcome.
You can use the Django User model for all your users (of course, it all depends on your actual scenario, but it sounds like it could work in your case). You can also extend it (e.g. add more fields): https://docs.djangoproject.com/en/dev/topics/auth/customizing/#extending-the-existing-user-model
Is it the best way to manage users? Again, it depends on the scenario, but it would still work for a significant portion of Django projects.
I read django-registration is relatively abandoned
I haven't used it in a while, but I'd guess it would work with the current Django version. In any case, it's a fairly simple and robust application, so you might be able to tweak it to make it work (you might even decide to commit the changes back to the repo, in the open source spirit).
I was just talking to an advanced developer friend of mine about this. He said using djangos users is frowned upon and to build it out separately. I don't know much more on this but it's something I will be doing in the future.
I am fairly new to django, and I thought user registration and profiling would be good to start with. Not so sure any more. So please forgive me for using this expert-forum as a shortcut, but reading quite a few blogs about how user profiling and registration should be accomplished, kind of leaves me with more questions than answers. I'd be glad for some rough line to follow. Here is what the application should do:
Several types of users should be able to register by way of a registration form. This should include not only django's inbuilt username and password but also other specific information. I was successful in creating such a form and saving it into the database (User object, and self-defined UserProfile object). Each user should be able to edit his settings later.
User Profiles:
q1) However, if I want more than 1 profile, is it still correct that these profile classes must be subclasses of class UserProfile because the settings attribute AUTH_PROFILE_MODULE can only have 1 value?
q2) Is it possible to define a base UserProfile with e.g. 10 fields, and flexibly allow for SubUserProfile_A to inherit 6 certain fields, while SubUserProfile_B inherits 6 other fields, i.e. the base class provides all features, and a subclass inherits a subset of it? Or better define a base UserProfile with 2 overall features, and have each subclass have its own specific features?
q3) Then I learnt that there is a predefined package for user-profiles by J. Bennett, django-profiles. I haven't used it since I read it is rarely documented. Is it deprecated, and features are all subsumed by django 1.3, or is it still recommended (last update 2008)? E.g. the user should be able to edit his settings, but this could also be programmed by use of generic.EditView(), available as of django 1.3. No? In other words: which advantages does user-profiles have compared to django 1.3?
User registration:
q4) Then I learnt that there is a predefined package for registration by J. Bennett, django-registration. It comes in 2 flavors: a) with use of class-based generic views (brandnew), b) without class-based gen. views. It seems that I will need them anyway since they offer e.g. "email-confirmation" which is of course not yet in my app.
So, if I need this module at all (do I?), which version should I use, the old (easier?) or the new one (accompanied by a warning of Bennett:) )? Or should I stay with django 1.3?
Answers are highly welcome. I really don't expect novels but maybe helpful hints.
Thanks a lot in advance!
Very good questions. You can try using both applications separately and see how they work first. you can also check out this SO thread django-registration creating blank django-profiles using signals or this article http://dewful.com/?p=70
I would like have additional settings tied to each user in my application (beyond, is_staff, is_admin etc etc). Basically I'd like to have different settings to customize their user experience (ie: don't show tooltips, how many rows to display in results tables, other flags for turning things on or off).
Are there best practices for adding these types of settings, or example model to do this without touching the django user object (in the past when i needed a quick user property, i just added it to my django source code, but obviously know that this is a horrible idea).
So when someone sucessfully logs in, I would grab the settings for the user and add them to the session.
I wasn't sure if there was a pretty way, or best practice for doing this.
As already said, use UserProfile. To store many flags in the same field there's django-bitfield.
Either put them in the user profile model, or create another model with a one-to-one to User.