Admin on GAE and django - django

I'm developing a Google App Engine and Django based site and I'm trying to figure out what's the best approach to solve the problem. The site requirements are as follows:
1. There must be a super administrator whose only task is to create second level administrators and assign them to a group.
2. Second level administrators can create regular users, and those users are assigned to the same group as the admin that created them.
3. Regular users don't do much besides login and logout.
I've been reading and I think I can solve 1 with the (login: admin) GAE feature for app.yaml.
I don't want to use Google accounts or OpenID because second level admins are the only ones allowed to create users.
For 3: is it possible to use the Django session utility to handle regular users?
I'd appreciate suggestions for a particular point or the whole thing.

For 1:
login:admin in app.yaml will prevent users that are not associated with your GAE project from visiting that URL or set of URLs. Any user associated with your GAE production project is an admin. You can create additional filtering inside the application by confirming the username that they are currently logged in with.
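    from google.appengine.api import users

    # Behind "login: admin" a signed-in user is always present; elsewhere this can return None.
    user = users.get_current_user()
    email = user.email()  # compare against the accounts you want to allow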
For 3:
I am not sure, we ended up rolling our own.

Related

Flask authentication. How to inform the user logged in the client to the server

I am creating a Flask app to be used internally in my company. I would like to restrict what a user can do based on their login ID. I read a lot about using LDAP3, but I don't think I can do what I want with it, which is to send the login ID to the server. There I would have a table which will register which parts of the system the user has permission to edit. If they try to change something not permitted, the app will retrieve a warning message.
I want to do that to avoid having to create a separate login functionality just for this app. I read that I should use AD authentication, but I am not very familiar with that and I would also like to avoid having to ask our IT department to create user groups there for each part of my system.
I know that I can do that using ASP .NET (at least I did once).
Any guidance will be appreciated.
I think you are looking for Role-based Authorization.
In order to use this functionality you will need to implement roles on your model file per the Data-models documentation.
This will allow you to assign users a role when they are created, and you can use a decorator on your routes to 'require' the user to have the role you want them to have before they access the endpoint.

Django - Change login redirect based on current App

So, I'm adding on another app to a webapp that I'm building for my company, this one involving bill creation for invoices. Unless one has a specific account with my website, they should not be allowed to access this specific app.
I am using Django's built-in authentication system. My LOGIN_REDIRECT_URI is set to redirect to one of my apps. However, I would like for the login redirect to send the user to the app that they were previously in after login. How might I accomplish this?
Thank you in advance!

Django Open ID - Assign permissions to users who have never logged in by email

I'm using django-auth with the django-auth-openid extension to use OpenID (specifically, Google) to log users into my site. I have a user base of about 90 who will be using the site. All of them have Google accounts, and will be using them to access the site. Since the user base is set (there is no registration allowed, only admins can add users), I already have an exhaustive list of all of my users, including their email addresses and other information. How can I allow these users to login with their Gmail addresses without making them register first? Essentially, I'd like to make django-auth-openid match OpenID Gmail addresses to rows in the existing django-auth Users table. Is this possible?
Thanks!
I ended up using the python-social-auth library (which has Django support built in). The documentation for use with Django isn't great, but between the docs and the provided example it was relatively easy to integrate it with my existing django-auth setup. After that, I just deleted the 'create_user' pipeline from the SOCIAL_AUTH_PIPELINE tuple in my settings, and, that way, only users with existing OpenID connections were allowed in (no new registrations occurred from OpenID logins). This meant, though, that I had to create those connections (between OpenID identifiers and Users) manually, but that was pretty easy to do just using the Django Python shell.
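A simplified model of the closed-registration setup described in the answer above, added here as an illustration (it is not python-social-auth's code and not the answerer's settings). The step functions, `authenticate` and the sample data are constructed; they only mirror the idea that dropping the account-creating step leaves pre-linked identities as the only ones that resolve to a user.

```python
# Simplified model of a python-social-auth style pipeline (added example, not library code).
# Each step receives the accumulated state and may return a dict of updates.

def social_user(state, db):
    # Look up an existing link between the provider identity and a local user.
    return {"user": db["links"].get(state["uid"])}

def create_user(state, db):
    # Open registration: mint an account for any identity that has no user yet.
    if state["user"] is None:
        db["users"].add(state["email"])
        return {"user": state["email"], "is_new": True}

def associate_user(state, db):
    # Persist the identity-to-user link once a user is known.
    if state["user"] is not None:
        db["links"].setdefault(state["uid"], state["user"])

DEFAULT_PIPELINE = (social_user, create_user, associate_user)
# Closed registration: same pipeline with the account-creating step removed.
CLOSED_PIPELINE = tuple(s for s in DEFAULT_PIPELINE if s is not create_user)

def authenticate(pipeline, uid, email, db):
    state = {"uid": uid, "email": email, "user": None, "is_new": False}
    for step in pipeline:
        state.update(step(state, db) or {})
    return state["user"]  # None means no local user, so the login is refused

def make_db():
    # Constructed sample data: one pre-provisioned user whose identity an admin linked by hand.
    return {"users": {"alice@example.com"},
            "links": {"openid:alice": "alice@example.com"}}
```

A deployment check built on the same idea is to assert that no step of the configured pipeline creates accounts, so a later settings change cannot silently reopen registration.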

Django Creating app objects

I have been following along with the django tutorial and have Polls appearing in the administration panel of the site.
Additionally, I have, using django-registration package, created a way to allow a user to login and register a new account.
How do I grant this user permission to create objects in the Polls such that appear in the admin panel of the website?
Also, these users will not be staff so they will not be able to log in to the administration portion of the website. Is there a way to create Poll objects in a form?
Also, these users will not be staff so they will not be able to log in to the administration portion of the website. Is there a way to create Poll objects in a form?
This is literally what you do on page 4 of the django tutorial. Finish the tutorial, and you will answer your own question.
https://docs.djangoproject.com/en/dev/intro/tutorial04/#write-a-simple-form

Django admin/frontend authentication issue

I am developing an application using Django 1.4. When I log into admin site in another tab in the browser, the application interface in which I am already logged in automatically logs out. Please help me in solving this issue. The browser I am using is Firefox. Thanks in advance.
Admin is also a user in Django. So, you can't have more than one user logged in at the same time in the same browser, can you? Try the same scenario on Facebook. This is what it is. You're fine, there's no problem.
On a side note, if you are just getting started with your project, use Django 1.5.
Well you cannot log into the same website with different login ids simultaneously until and unless you don't use some plugins for this feature or you are opening different ids in the incognito window.
Since admin is a superuser (still a user), you cannot open multiple Django accounts in the same browser. One account will be logged out in order to open the other one. This is no issue. Happy coding.
The Django admin site is just another page of your Django main website. Say if you have foo.com, then foo.com/admin/ shows you the admin portal.
And we already know that two users cannot be simultaneously logged in to the same website from the same browser.
So, you can test on your foo.com site as an admin user itself. The experience on the Django website for any user will be the same; it doesn't change with the user being a staff member or superuser. Only the admin site has different permissions based on these factors.
In this case, you'll be able to use both the main site, as well as admin portal.
But if you really want to use different user accounts for admin site and main site, then you should either use different browsers or Private window in Firefox.