django管理员不使用自定义用户

时间:2014-09-24 05:10:28

标签: django django-admin

我觉得我错过了这个明显的东西。

我已经创建了自定义用户和用户管理器

class UserManager(BaseUserManager):
    # create a normal user
    # an email and password must be provided
    def create_user(self, email, password, first_name, last_name,
                    location, date_of_birth):

        if not email:
            raise ValueError("User must have an email")

        if not password:
            raise ValueError("User must have a password")

        email = email.lower()

        user = self.model(
                email=email,
                first_name=first_name,
                last_name=last_name,
                location=location,
                date_of_birth=date_of_birth
                )

        user.set_password(password)
        user.save(using=self._db)
        return user

    # Make an administrator   
    def create_superuser(self, email, password, first_name, last_name,
                         location, date_of_birth):
        user = self.create_user(
                email=email, 
                password=password,
                first_name=first_name,
                last_name=last_name,
                location=location,
                date_of_birth=date_of_birth
                )
        user.is_admin = True
        user.is_moderator = True
        user.save(using=self._db)
        return user

class User(AbstractBaseUser):
    email = models.EmailField(
            verbose_name='email address',
            max_length=255,
            unique=True
            )
    first_name = models.CharField(max_length=50)
    last_name = models.CharField(max_length=50)
    location = models.ForeignKey(Location)
    date_of_birth = models.DateField()
    date_joined = models.DateTimeField(auto_now_add=True)

    is_active = models.BooleanField(default=True)
    is_admin = models.BooleanField(default=False)
    is_moderator =  models.BooleanField(default=False)

    objects = UserManager()

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['first_name', 'last_name', 'location', 'date_of_birth']

    def __unicode__(self):
        return self.email

    def get_full_name(self):
        return self.first_name + ' ' + self.last_name

    def get_age(self):
        age = date.today() - self.date_of_birth
        return age.days / 365

    def is_staff(self):
        return self.is_admin

    def has_perm(self, perm, obj=None):
        return True

    def has_module_perms(self, app_label):
        return True

但是,如果我访问管理网站,它会很乐意授权非管理员用户is_admin=False

有没有人遇到过这个问题,将django admin与自定义用户一起使用时是否需要更改?

修改

setting.py

AUTH_USER_MODEL = 'userAccount.User'
AUTHENTICATION_BACKEND = (
    'django.contrib.auth.backends.ModelBackend',
)

1 个答案:

答案 0 :(得分:1)

is_admin不是django的身份验证系统所知道的。在authentication form that is used中,只检查用户是否处于活动状态或是否为员工:

class AdminAuthenticationForm(AuthenticationForm):
    """
    A custom authentication form used in the admin app.
    """
    error_messages = {
        'invalid_login': _("Please enter the correct %(username)s and password "
                           "for a staff account. Note that both fields may be "
                           "case-sensitive."),
    }
    required_css_class = 'required'

    def confirm_login_allowed(self, user):
        if not user.is_active or not user.is_staff:
            raise forms.ValidationError(
                self.error_messages['invalid_login'],
                code='invalid_login',
                params={'username': self.username_field.verbose_name}
            )

在原始用户模型中,is_staff是模型字段。你没有这样的领域,而是一种方法。这可能是它不起作用的原因。

您可以通过两种方式解决此问题:

  1. 创建您自己的AdminAuthenticationForm并调整confirm_login_allowed方法以检查is_admin而不是is_staff

  2. 在自定义用户模型中创建is_staff 属性

    @property
    def is_staff(self):
        return self._is_admin