Similarly, the easiest way to restrict access to logged-in users in your class-based views is to derive from LoginRequiredMixin. You need to declare this mixin first in the superclass list, before the main view class.
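Why the mixin has to come first, as an added example that is not part of the original tutorial: the classes below are simplified plain-Python stand-ins that model only how `dispatch()` chains through the superclass list, not Django's own code. The login URL, request dictionary, and path are constructed for the illustration.

```python
# Simplified stand-ins that model only the dispatch() chaining of Django's
# View and LoginRequiredMixin; these are NOT Django's classes.

class View:
    def dispatch(self, request):
        # Like Django's View.dispatch: runs the handler and does not call
        # super().dispatch(), so nothing after it in the MRO gets a turn.
        return self.get(request)


class LoginRequiredMixin:
    login_url = "/accounts/login/"  # assumed login URL for the example

    def dispatch(self, request):
        # Redirect anonymous requests, otherwise continue down the MRO.
        if not request.get("authenticated"):
            return ("302", f"{self.login_url}?next={request['path']}")
        return super().dispatch(request)


class ListView(View):
    def get(self, request):
        return ("200", "borrowed books")


class CorrectOrder(LoginRequiredMixin, ListView):
    """Mixin first: its dispatch() runs before the view's."""


class WrongOrder(ListView, LoginRequiredMixin):
    """Mixin last: View.dispatch() wins and the login check never runs."""


def respond(view_cls, authenticated):
    # Constructed request: a dict stands in for Django's HttpRequest.
    request = {"path": "/catalog/mybooks/", "authenticated": authenticated}
    return view_cls().dispatch(request)


def unprotected_views(view_classes):
    """Return names of views that answer 200 to an anonymous request."""
    return [v.__name__ for v in view_classes
            if respond(v, authenticated=False)[0] == "200"]


if __name__ == "__main__":
    print(respond(CorrectOrder, False))
    print(respond(WrongOrder, False))
    print(unprotected_views([CorrectOrder, WrongOrder]))
```

The same anonymous-request check works as a regression test in a real project: request every view that should be protected without logging in and fail the build on any 200 response.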
For additional detail, check out the Django docs here. Now that we know how to restrict a page to a particular user, let's create a view of the books that the current user has borrowed. Unfortunately, we don't yet have any way for users to borrow books! So before we can create the book list we'll first extend the BookInstance model to support the concept of borrowing and use the Django Admin application to loan a number of books to our test user.
We'll create one using a ForeignKey one-to-many field. We also need an easy mechanism to test whether a loaned book is overdue. While we're here, let's add a property that we can call from our templates to tell if a particular book instance is overdue. While we could calculate this in the template itself, using a property as shown below will be much more efficient. This is not something we would want our users to experience! Now that we've updated our models, we'll need to make fresh migrations on the project and then apply those migrations.
This will make the field visible in the Admin section, allowing us to assign a User to a BookInstance when needed. Now that it's possible to loan books to a specific user, go and loan out a number of BookInstance records. Set their borrowed field to your test user, make the status "On loan", and set due dates both in the future and the past.
Note: We won't spell the process out, as you already know how to use the Admin site! Now we'll add a view for getting the list of all books that have been loaned to the current user. We'll use the same generic class-based list view we're familiar with, but this time we'll also import and derive from LoginRequiredMixin, so that only a logged-in user can call this view.
Now, all we need to do for this page is add a template. This template is very similar to those we've created previously for the Book and Author objects. The only thing "new" here is that we check the method we added in the model bookinst.
Try this out with your user logged in and logged out (in the second case, you should be redirected to the login page). The very last step is to add a link for this new page into the sidebar. We'll put this in the same section where we display other information for the logged-in user. When any user is logged in, they'll see the My Borrowed link in the sidebar, and the list of books displayed as below (the first book has no due date, which is a bug we hope to fix in a later tutorial)!
Permissions are associated with models and define the operations that can be performed on a model instance by a user who has the permission. By default, Django automatically gives add, change, and delete permissions to all models, which allow users with the permissions to perform the associated actions via the admin site. You can define your own permissions for models and grant them to specific users.
You can also change the permissions associated with different instances of the same model. Testing on permissions in views and templates is then very similar to testing on the authentication status (and in fact, testing for a permission also tests for authentication). Defining permissions is done in the model's "class Meta" section, using the permissions field. You can specify as many permissions as you need in a tuple, each permission itself being defined in a nested tuple containing the permission name and permission display value.
For example, we might define a permission to allow a user to mark that a book has been returned as shown. You will need to re-run your migrations call python3 manage. You can check whether the current user has a particular permission using the specific variable name within the associated Django "app" — e. The patterns are the same as for login authentication, though of course, you might reasonably have to add multiple permissions. Note: There is a small default difference in the behavior above.
So, I thought about sharing my experience with previous Django projects on how to handle multiple user types. In this tutorial I will share my thoughts on this particular topic and share with you the strategies that worked best for me, depending on the requirements of the project.
Many of the design decisions depend on the requirements and business model of the application you are developing. I will try to cover as many different scenarios as possible. Read carefully and pick the best option for you. If you learn better with examples or you are in a hurry right now, jump to the practical example.
Otherwise, keep reading. What you are going to read next is not written in stone. Treat this model as an account rather than a user. Meaning, all users need an account to log in. After all, all accounts should share many common resources such as login, logout, password resets, password change. Requirements always change. Mainly because you will need to update all the foreign keys to the User model. It can be done, but this simple measure (which, honestly, is effortless in the beginning of the project) can save you from headaches in the future.
This will give you freedom to add custom methods to the User model without having to rely on a OneToOne model or having to implement an Abstract model. How you are going to implement multiple user types depends on the requirements of your application.
Below are a few questions you have to ask yourself. A very common case is to have a regular user and an admin user. Now, what this user can or cannot do is defined by the permissions framework, where you can add specific permissions to a given user, e. So here, as you can see, the permissions are managed at two different levels.
Groups: A generic way of applying labels and permissions to more than one user.
Solutions for some of these common problems have been implemented in third-party packages: password strength checking, throttling of login attempts, authentication against third parties (OAuth, for example), and object-level permissions. AuthenticationMiddleware associates users with requests using sessions.