I am using active directory login authentication for my django web application. So there is no need of change password link in admin site.
I have searched lot of article, but I haven't found any thing to hide change password link.
So what is the way of hiding change password link from admin?
You don't need to override admin template.
If user.has_usable_password() returns False, then Django will not display change password URL for that user.
user.has_usable_password()can be made to return False by calling user.set_unusable_password().
From docs:
set_unusable_password()
Marks the user as having no password set. This isn’t the same as having a blank string for a password. check_password() for this user will never return True. Doesn’t save the User object.
You may need this if authentication for your application takes place against an existing external source such as an LDAP directory.
has_usable_password()
Returns False if set_unusable_password() has been called for this user.
Source code for condition filter in Django base admin template:
{% if user.has_usable_password %}
{% translate 'Change password' %}
{% endif %}
Related
I want to hide a button from a Django Admin or superuser but I want to display it if the user is not an Admin or superuser.
How to do it?
Superusers have a is_superuser attribute attached to request.user, so you can check whether or not a user is a super user by making a block in your template that asks:
{% if request.user.is_superuser == False %}
<button>My button</button>
{% endif %}
Similarly, admins (or as Django calls them, 'staff') also have an is_staff attribute set to a boolean value.
Django comes with a built-in admin page, which has it's own login panel.
Most Django sites implement their own login panel. That makes sense, since it gives them a lot of flexibility. But for some apps it would be sufficient to use the existing admin login panel instead of implementing your own.
Of course I could just redirect the user to the admin login page. However, after login the user is automatically is redirected to the main admin page and I would like him to be redirected to my app'
s page instead.
How can I use Django's built-in admin login panel for my own app?
It is possible to seamlessly integrate the admin login panel into your app, by redirecting to your app's page instead of the admin site.
The Django admin site provides default views for login and logout as documented here:
admin:login
admin:logout
Both views support the next URL parameter, which allows you to specify to which page the user will be redirected after completing the process step. This allows you to specify your own app's pages instead of the admin site.
Note that there is one caveat to this approach: The admin login panel will only work for users, which have the staff role.
Example template snippet
For this Django template we are assuming your app is called my_app and this template is part of an view called my_app:index.
{% if request.user.is_authenticated == False %}
<p>
You are currently not logged in. Click
here
to login.
</p>
{% else%}
<p>
You are logged in as user: <b>{{ request.user.username }}</b>
<a href="{% url 'admin:logout' %}?next={% url 'my_app:index' %}">[Logout]
</a>
</p>
{% endif %}
I am using Django 1.5 and I want to check if the user has been redirected to my login page because he tried to access another page which required a login without being logged in. Suppose there is this view called 'securityPage' and suppose that view is called when I visit the
/securityInfo/
URL. Assuming this is the securityPage view:
#login_required
def securityPage(request):
#some code
Now when I visit that URL, it redirects me to the login.html page, which is correct (since the user - me - is not logged into any account). This is my login.html:
{% if 'next' in request.GET %}
<p>You must first login into your account before having access to the page you were trying to view.</p>
{% endif %}
for some reason, even though I am being redirected and the URL of the login page I am redirected to is
http://127.0.0.1:8000/login/?next=/securityInfo/
, the line
{% if 'next' in request.GET %}
evaluates to false even when 'next' is in the URL. Any idea why?
i don't think request object is part of the default context values.
check your template_context_processors in your settings and if you add django.core.context_processors.request in that list then the current request will be added to every requestcontext. or just pass the request manually for that view.
https://docs.djangoproject.com/en/1.5/ref/templates/api/#django-core-context-processors-request
I followed this page to set up a django registration site. It's pretty awesome, and registration and authentication are nicely wrapped.
But, it doesn't show me, how do I check if a user is logged in, who this user is, before displaying a webpage? and how do I direct the user to a new page after logged in?
Thanks!
In a view, you can use if request.user.is_authenticated(): and the variable for the current user is request.user
In a template, you can use {% if user.is_authenticated %} and the variable for the current user is user
For redirecting a user after logging in, you can set up LOGIN_REDIRECT_URL variable in settings.py
In .py documents
You can either use this inside every view
if not request.user.is_authenticated:
#do something
or this just before every view
#login_required
Remember that this one requires importing from django.contrib.auth.decorators import login_required
and you may also want to write LOGIN_URL = "/loginurl/" in your settings.py to get non-logged users redirected to an specific URL instead of the default one accounts/login)
In .html documents
{% if not user.is_authenticated %}
Login is required
{% endif %}
Redirecting after logging in
You can either modify LOGIN_REDIRECT_URL in settings.py
or redirect("/indexpage") after the user has been logged in.
This last one requires importing from django.shortcuts import redirect
You can also use a login required decorator before your view :
#login_required()
It redirects a user to the login page if a non logged in user tries to access your view
You will find more on this page :
https://docs.djangoproject.com/en/dev/topics/auth/default/#topic-authorization
I am developing a web based application in which i need to update the password and is_staff status of a user from Admin(template) page. To do this i created a template which are showing the list of all registered users. see the template:
{% for obj in users_list.object_list %}
<tr class="{% cycle 'odd' 'even' %}">
<td>{{obj}}</td>
<td>{{obj.first_name}}</td>
<td>{{obj.last_name}}</td>
<td>{{obj.email}}</td>
<td>{{obj.is_staff}}</td>
The above code showing the list of all users includes their Full name, Email and is_staff status. What i want, when admin will click on the user name (i uses the href attributes). It will get the option to update the password and is_staff status for a clicked user at open page.
To do this i am not able to find out how to pass the id of user in following line. I tried with user.pk but it always given 1 to me. May be it is returning the current loginned user id but the loginned user is super user also:
<td>{{obj.first_name}}</td>
The reference to the user is obj, not user. So obj.pk should work.