tags:

views:

118

answers:

1
Q: 

Django: Using custom AUTH system, why is the User model always still needed?

I'm developing an SAAS and having the hardest time wrapping my brain around why I need to use "User" for anything other than myself. I don't know why but it makes me queezy to think that I, as the developer/admin of the entire software, with full Django Admin access (like the Eye of Sauron), have the same type of User object as an "Account" holder's "UserProfile" has. Please help me understand why this is necessary.

Example:

class Account(models.Model): # represents copporate customer
    admin = models.ForeignKey(User)
    # other fields ...

class UserProfile(models.Model):
    user = models.ForeignKey(User)
    account = models.ForeignKey(Account)

It feels like I'm mingling the builtin Admin functionality with my account holders' users' functionality. Is this just for purposes of reusing elements like request.user, etc.?

+1  A: 

Well, reuse of code and functionality might be a happy side-effect, but fundamentally I don't think this is broken.

A User represents someone using your website. At the base level it doesn't matter who that person is or what features or functionality they need - just that they make requests and can be identified in some way.

Further functionality can be added in different layers, either through built in components like Groups or Permissions, or through something else you build on top yourself as you are doing in your example.

Andy Hume  2010-02-18 22:25:07
@Andy Hume What about all the attributes: username, first_name, last_name, email, password, is_staff, is_active, is_superuser, and so on. Do I need to use all of these when I create a User? I guess I'm just having trouble understanding how all these attributes could fit into my own system. Is it that I should use all these attributes? If is_superuser=True doesn't that give them an all access pass if they just type www.example.com/admin/? I looked at Django-Annoying and it has a AutoOneToOneField() that creates the User for you, but what about setting all the attributes?
orokusaki  2010-02-18 22:32:29
You certainly don't have to use all the attributes. You can expose as few or as many as makes sense depending on what you want a specific type of User to be able to do.Yes, is_superuser=True should be reserved for only yourself and the very privileged few that need it. A 'normal' user would have it set to False.You can set all the attributes though the OneToOneField if you need them, eg. profile.user.last_name = "Jones"
Andy Hume  2010-02-18 22:50:52

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django