I was wonder if it is possible to include a way that when someone fill the user registration form to register, can the details be sent to an admin email for authorization before the user can login in django?
Since you did not provide any code I will guide you the process, you can later come back more specific question if you are stuck :
Use the field is_active provided by Django from the User model to authorised access within your website.
Extends the field is_active to set the default to False or set it to false in the begging of your user view
Create a link with the ID of the user and a path to the Django Admin where you can update the user and active to True
In short yes, possible and pretty easy if you know a bit of Django.
Related
I am using djnago all-auth to create custom user accounts. When creating an account with email and password, if account with a email already exits it gives an error (UNIQUE constraint failed: account_emailaddress.email) but I would like to display message that an account with this email already exists instead of throwing an error. What is the best way to handle this? In general I would use AJAX to verify and display message for my own views but I do not know how to deal here with django all-auth package.
I'll suggest that you should override the signup/login form in order to manage this error. Have you checked the documentation? https://django-allauth.readthedocs.io/en/latest/forms.html
I think this answer is related to your question.
A relatively similar approach is given in this answer:
Create your custom view that inherits SignupView and overrides the form class
Create a custom form that inherits from SignupForm and overrides the email validation message
In your own urls.py add the following after include('allauth.urls') to override the account_signup url
Since djangoallauth take care of unique constrain you don't have to add unique=True to your field if user try to login with any social media account with email id already present in your database it djangoallauth will simple ignore and will not set email id in your user model. :)
I am handling my unique fields i.e Email field manually
I want to make a Django REST User API with complex permissions as follows:
GET
Only Admin should be able to get all User data
Logged in User should be to get himself and the names of other Users
PUT
Only Admin and Self should be able to PUT
Except for is_staff and is_superuser only is_superuser should be able to change the status of a user
Password changes by a User should require the old password
if User is !is_staff password reset should be possible
POST / DELETE
Only Admin should be able POST/DELETE User
User should be able to update his own Profile
Unfortunately, I have no idea how to control the view or serializer to allow such permissions. Is there a template how I can exactly control the permissions?
You can write your custom permission according to DRF docs.
And add YourCustomPermission in your view:
class ExampleView(APIView):
permission_classes = (YourCustomPermission,)
I have a project I am working on that requires some users to be authenticated via facebook and others to sign up using a custom model. The facebook users will not have the same sign up credentials as the custom model. For example- there will be a restaurant owner sign up and a customer signup. The customer will not have to put a street address location, they can simply login.
My intentions were to have the restaurant owners sign up via the custom profile model and the facebook users to simply login via the defualt social auth, but whenever I combine the two, social auth starts to use the custom model because I define a custom user model within settings. Is there a way to distinguish to the python social auth backend to only use the default or a way to update my current custom user model to have a facebook segment. I have searched the web for a long time for this, but can not seem to find anything that can combine the two besides (1), but it did not work successfully. I can however get one or the other working successfully depending on if I specify a user model in my settings.py file or not.
It is quite simple, but I do not know of a way to get social auth to look at its default and djangos authentication to look at my custom model.
(1)-http://code.techandstartup.com/django/profiles/
In order to distinguish one type of user from another, you can do something like this:
First, in your settings file, store the following:
FIELDS_STORED_IN_SESSION = ['type']
This will be stored in strategy parameter in every function of pipeline
Then, change the pipeline wherever necessary. For example, in your create_user pipeline function, you can do this:
user_type = strategy.session_get('type')
if user_type != 'customuser':
return {
'is_new': True,
'user': strategy.create_user(**fields)
}
else:
return {
'is_new': True,
'user': create_restaurant(**fields)
}
Basically, the goal is to have valid username/password pair for each registered user.
I think the proper way to do that is to create custom form for social signup.The default workflow for social signup is:
User clicks "Sign in with PROVIDER_NAME";
User gives access to my app on provider's site;
Site redirects him to my app where he should fill additional fields like username etc. and complete registration.
And I need to ask user for passwords too at the last step. Form should validate that passwords and save it to user.
Any ideas? Have no idea how can it be implemented with custom form or adapter.
The purpose of allauth, is to avoid the user to create a new username/password for your site.
However, you can configure a form to add that information.
Set up the form you want to show to the user.
ACCOUNT_SIGNUP_FORM_CLASS = 'project.forms.MyUserForm'
I've put myself into somewhat of a pickle. I use django-registration often, and it seems to work for most situations. However, I want to require users to build their profile (eg: demographic information) before they can visit any of the other pages.
This is how I desire the current setup to run:
visitor fills out registration form --(submit)--->
user email verification --(link creates active user)--->
--(redirected to profile view)--->
user fills out profile form --(submit)-->
user can now access the rest of the website
Is there a recommended way to do this?
One of the ways of doing it would be to use your own #profile_required decorator rather than the django's built in login_required on all your views.
#login_required
def profile_required(func,request,*args,**kwargs):
has_profile = request.user.profile_set.count()
if not has_profile:
return redirect('create_profile')
return func(request,*args,**kwargs)
Then on each view you want to have a user with profile visit, just:
#profile_required
def my_awesome_view(request):
...