Django admin user - django

I am reading 2 quite popular django books, both recommend using django's admin user model, template to create user for the site I am building. It feels odd. Isn't it dangerous to add our site's users with the admin users that uses Django admin interface?
If that recommendation is right, how can I add more attributes to that admin user model (hence add more columns to the auth_user table)?

What they recommend is to use the Users model provided by the django.contrib.auth application. It's the standard in django and many other apps depend on this model to integrate with user data. Being the django admin one of them.
Note that not all users created using this model have access to the admin site. Only the ones with is_staff set to True.
To assign extra user information on the Users model you should use Profiles.

Related

Multiple user models in Django inherited from AbstractBaseUser

I have a "legacy" database with different tables for different user types (admins and customers). They have nothing in common. I need to implement both models in the Django project, users need to log in to the client pages, admins to the admin pages (not django admin).
How to solve this deal?
Basically, I have an idea to run two application instances with different config values AUTH_USER_MODEL but it looks not the best idea.
Thanks in advance.
Why not move the user account info like username password and name to django user and add extra role info to the role table linked by foreign key.

Custom User profile for Django user

Django - Models extension Vs User Profile
I want add some custom fields like following
1. ssn
2. is_manager
3. manager
I have 2 choices -
Extend AbstractBaseUser
OR
Create User profile based on signal and have OnetoOne field.
Which one is better, future proof, DB migration friendly and maintainable ?
The Django documentation answers this question in detail:
If you wish to store information related to User, you can use a OneToOneField to a model containing the fields for additional information. This one-to-one model is often called a profile model, as it might store non-auth related information about a site user.
In your case, the added fields do not seem to be authentication related, so your best bet is to use the user profile method. Substituting a custom user model is overkill for such purposes.

Extending the django User

this is my first question on stackoverflow. I am a beginner programmer and kind of have issues with programming logic.
My issue is that I have a model(which happens to be a form) which collects important information from the users, I want to be able relate this model with the individual user since it has the information about them that I need.
Any form of help is appreciated...By the way am using the Django web framework.
Before 1.5: https://docs.djangoproject.com/en/dev/topics/auth/#auth-profiles, add a model that links OneToOne to the User model provided by Django and telling about that model in settings.py with the global AUTH_PROFILE_MODULE
After 1.5: https://docs.djangoproject.com/en/dev/topics/auth/#auth-custom-user, the previous method is deprecated. Now you have to fully customize the User model provided by Django.
If you are a new user, I suggest the following links:
EXTENDING USER MODEL IN DJANGO
Storing additional information about users
Generally, you create a normal model with a foreign key to the Django User model. Then add any other fields you would want to store for a user e.g. date of birth, website, favorite color, etc.

Adding fields to user's personal info in Django admin page

I just started a Django project (there are no apps in it). I activated the admin in settings file and can access the Django administration page. There is a column in Django page to add users; while adding users I get only three fields under personnal info, but I need to store some more information about users. I Googled around and found that I can use user profiles to accomplish this. I tried, but I am having problems.
My aim is to add three more fields to the user table:
role
contact number
other
I need details like: which function I need to write and where to do this.
I found this, but I do not know where I need to write these steps. I would greatly appreciate a more clear explanation of this.
Django User Profiles is what you need. The blog you linked to has clear steps on how to do it. You can check out the Django documentation. http://www.turnkeylinux.org/blog/django-profile also provides a good explanation.
Basically you need to create a new model with User as ForeignKey and define the model in the settings.py as AUTH_PROFILE_MODULE = "django_app.your_profile_modelname". Create the profile and save it just like any other model, and access it using user.get_profile()
Adding a couple of things in response to your questions below:
First, do not create apps as a directory. Use startapp <appname> [destination] as described here. That will create the app directory.
Second, you have to add the app to INSTALLED_APPS in the project's settings file, do a syncdb. Basically, follow the steps in Django tutorial on writing your first app.
Third, UserProfile is a separate model. It is not an extension of User. It is associated with the User just because you added User as the ForeignKey.
Fourth, to be able to see the user profile model in admin, you do exactly what you would do to add any other model to admin page. Create a file names admin.py under your app with:
from django.contrib import admin
from myproject.app.models import UserProfile
admin.site.register(UserProfile)
There are three key concepts to understand:
There is no built in "profile" system in Django, beyond the limited auth app which is really geared just to user login. You are expected to roll your own.
There is nothing magical about a profile record in itslef, it is just like any other record that takes User as a foreign key (or, more properly, a one-to-one field as per the docs). You create it by creating a custom django app (traditionally called profiles) and a model for that app (traditionally called UserProfile, since Profile is not allowed as a model name).
The only thing that sets UserProfile aparts as a model is that you specify it as the AUTH_PROFILE_MODULE which means that it is accessible when called .get_profile() on a User record. That's it. If you set up the UserProfile like so:
def UserProfile(models.Model):
user = models.OneToOneField(User, related_name='profile')
other fields
then you can also access the profile as user.profile rather than user.get_profile() which some people prefer.
Again, nothing magical about the profile model -- it is just a model record like any other model record.
If you want to be able to edit additional fields within the user form that's more complicated; easiest way is probable unregister User and then register it again using your custom ModelAdmin and form class but judging by your question you're probably not at that level yet.

Where is Django's admin read-only permission for models?

I've read at How can I MODIFY django to create "view" permission? that Django 1.2 cames with a read-only permission for admin models. Where I set this option? It's not found as a permission in the auth app.
Thanks
You need to follow the steps outlined in the linked answer. The 1.2 feature mentioned in the article concerns adding the editable=False option to a model's field which renders the field non-editable in the admin interface for all users.
If you really are missing this functionality i suggest opening a ticket on the django support site to have this fix added to django however remember that the django admin site is for ADMINS. It is not designed to be used as A CRUD interface for all users, just an administrative interface for diving into the data and editing it in place. It's only over time that people have been adding more and more User friendly enhancements to it.