ansaurus

Question

How to get unique users across multiple Django sites powered by the "sites" framework?

Answer 1

+1 A:

You can plug your own authorization and authentication backends that take the site id into consideration.

See other authentication sources on the django documentation and the authentication backends references

Besides that, if your django source is too old, you can always modify the authenticate() or login() code yourself. After all... Isn't that one of the wonders of open source. Be aware that by doing so you may affect your compatibility with other modules.

Hope this helps.

kripto_ash 2009-09-10 09:09:02

Writing a custom backend is certainly something I have considered, but turned down for the moment as I don't think I have the skills necessary. The same goes for modifying the actual Django code.

westmark 2009-09-10 10:34:05

Writing a custom auth backend is not hard, it's probably about six lines of code. One of the easier things to do in Django. To maintain maximum compatibility, put a ForeignKey to Site in the user profile model and key off that in your custom auth backend.

Carl Meyer 2009-09-10 15:00:59

I would upvote this answer if it didn't recommend modifying Django source directly. There's absolutely no reason to do that when custom auth backends are available, it shouldn't even be mentioned in the answer.

Carl Meyer 2009-09-10 15:01:45

Answer 2

A:

You have to know, that many people complain for Django default authorization system and privileges - it has simply rules for objects, for instances of the objects - what it means, that without writing any code it woudn't be possible.

However, there are some authorization hooks which can helps you to achieve this goal, for example:

Take a look there: http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py and for class Permission.

You can add your own permission and define rules for them (there is a ForeignKey for User and for ContentType).

However2, without monkeypatching/change some methods it could be difficult.

bluszcz 2009-09-10 13:20:00

Answer 3

+3 A:

The most compatible way to do this would be to create a user Profile model that includes a foreign key to the Site model, then write a custom auth backend that checks the current site against the value of that FK. Some sample code:

Define your profile model, let's say in app/models.py:

from django.db import models
from django.contrib.sites.models import Site
from django.contrib.auth.models import User

class UserProfile(models.Model):
    user = models.ForeignKey(User)
    site = models.ForeignKey(Site)

Set it in your settings.py as the profile model:

AUTH_PROFILE_MODULE = 'app.UserProfile'

Write your custom auth backend, inheriting from the default one, let's say in app/auth_backend.py:

from django.contrib.auth.backends import ModelBackend
from django.contrib.sites.models import Site

class SiteBackend(ModelBackend):
    def authenticate(self, **credentials):
        user_or_none = super(SiteBackend, self).authenticate(**credentials)
        if user_or_none and user_or_none.get_profile().site != Site.objects.get_current():
            user_or_none = None
        return user_or_none

This auth backend assumes all users have a profile; you'd need to make sure that your user creation/registration process always creates one.

Carl Meyer 2009-09-10 15:12:32

Thanks Carl, I'll use your implementation and hopefully learn something about custon backends in the process.

westmark 2009-09-11 05:59:31

ansaurus

tags:

views:

answers:

How to get unique users across multiple Django sites powered by the "sites" framework?

related questions