python - How to handle multiple user type in Django -



python - How to handle multiple user type in Django -

i'm trying create little website has 3 types of users ["client" , "volunteer" , "coordinator"]. each type of user has restrictions on views can access. 3 users have different login pages.

approach 1 : accomplish this, i've added key session category, assign 1 of above given usertypes during login and, whenever view called, check whether user can access view.

login.html:

{% extends "base.html" %} {% block content %} {% if form.errors %} <p class="error"> sorry , invalid</p> {% endif %} <form action="/login_volunteer/authenticate/" method="post">{% csrf_token %} <label for="username"> username : </label> <input type="text" name="username" value="" id="username"> <label for="password"> password : </label> <input type="password" name="password" value="" id="password"> <input type="hidden" name="category" value="volunteer" id="category"> <input type="submit" value="login" /> </form> {% endblock %}

view.py:

def hello(request): name = "abhishek" if request.session.session_key none: html = '<html><body>session expired</body></html>' homecoming httpresponse(html) try: if not request.post.get('category') == 'volunteer html = '<html><body>you not allowed here</body></html>' homecoming httpresponse(html) except : print "error" html = '<html><body>hi awesome</body></html>' homecoming httpresponse(html)

approach 2 : thought create custom user class rather using default user provided django , assign customuser request.user during login. when view called, check is_client or is_volunteer.

customuser.py:

from django.db import models django.contrib.auth.models import abstractbaseuser class volunteeruser(abstractbaseuser): """ custom user class. """ email = models.emailfield('email address', unique=true, db_index=true) joined = models.datetimefield(auto_now_add=true) is_active = models.booleanfield(default=true) is_volunteer = models.booleanfield(default=false) class clientuser(abstractbaseuser): """ custom user class. """ email = models.emailfield('email address', unique=true, db_index=true) joined = models.datetimefield(auto_now_add=true) is_active = models.booleanfield(default=true) is_client = models.booleanfield(default=false)

so question is, of these approaches best way accomplish task @ hand? there other method solves this?

i'm concerned security , sense first method more insecure second.

the improve approach achieving requirement utilize inbuilt group , permissions model in django. since permissions can little tricky, alternative approach create userprofile model below:

from django.contrib.auth.models import user class userprofile(models.model): user = models.foreignkey(user) type = models.charfield(max_length=15)

then utilize decorators controlling access views this:

from django.contrib.auth.decorators import user_passes_test @user_pass_test(lambda u: u.get_profile().type == 'client') def view_for_client(request): ...

the userprofile model useful save of preferences of user. need set next setting:

auth_profile_module = 'accounts.userprofile'

python django python-2.7 django-sessions

Comments

Post a Comment

Popular posts from this blog

php - Android app custom user registration and login with cookie using facebook sdk -

php - Android app custom user registration and login with cookie using facebook sdk - i developing android application in users need register , log in using facebook. approximately, flow. open app first time, authenticate facebook, data, send info server create them business relationship in application, start session new business relationship in server, cookie perform later interactions. so far good. what need know wich info have send server, can able identify users when log in seccond time. because need start session in server , send cookie android app farther interactions. i'm using php server side language. i thinking getting getaccesstoken() in android facebook sdk, pass server on business relationship creation , storing in android app. but can't manage how login users on sec time utilize app. any suggestions ? in advance ! to uniquely identify user within app, should create request /me , user's id. guaranteed unique , remain con...
Read more

c# - Create a Notification Object (Email or Page) At Run Time -- Dependency Injection or Factory -

c# - Create a Notification Object (Email or Page) At Run Time -- Dependency Injection or Factory - i have code emails me notification when happens. trying add together page , also remove dependency on email. for reference; have name of notification want send stored string in database. @ runtime have list of people , string representation of want receive. i thought dependency injection ninject, kernel bindings got big , seemed hacking together. then thought simple factory, activator.createinstance(email/page) inotifcation, don't know how handle differing constructor parameters (unless utilize common, complex property, employee, has info need). so far have this: public interface inotification { void sendmessage(); } public class email: inotification { private readonly string _toemailaddress; private string body { { homecoming "email"; } } private static string smtphost { ...
Read more

Set Up Of Common Name Of SSL Certificate To Protect Plesk Panel -

Set Up Of Common Name Of SSL Certificate To Protect Plesk Panel - a pci compliance scanner balking self signed ssl certificate protecting secure access plesk panel contains name mismatch between location of plesk panel , name on certificate, namely self-signed cert's name "parallels" , domain reach plesk 'ip address:8443'. so figured go ahead , free ssl certificate seek fiddle error. when generated certificate used server domain name site name when generated certificate. if visit 'domain name:8443' fine, no ssl warning. if visit 'ip address:8443' (which believe scanner does) certificate name mismatch error, digicert's ssl checker says certificate name should ip address. can generate certificate mutual name ip address? tempted should pci scanner accepts, right mutual name use? run issue before? you can seek subject alternative name extension ip address. also, can maintain "parallels" mutual name, , add together ...
Read more