views: 220

answers: 2

I'm creating a SAAS as a project, and can't seem to wrap my dinosaur brain around this auth system. I started to roll my own system before I realized you could add on to the normal auth system. Is this completely wrong? Should I somehow extend the User model but still include all of my own attributes (username, password, etc)?

from django.db import models
from django.contrib.auth.models import User
from annoying.fields import AutoOneToOneField
from myproject.core.modelfields import LowerAlphanumericField
from myproject.apps.account.models import Account

class Administrator(models.Model):
    """
    Administrator for an Account (application holds multiple accounts as it is a SAAS).
    """
    account = models.ForeignKey(Account)
    user = AutoOneToOneField(User, primary_key=True)
    name = models.CharField(max_length=255)
    email = models.EmailField()
    username = LowerAlphanumericField(max_length=30)
    password = models.CharField(max_length=255)

If I visit http://127.0.0.1:8080/admin/auth/user/3/ I get an error, but the primary key for the third administrator object I created is 3 (which one would assume is the primary key for the related User object). Am I missing something? Also, do I need to create a password field and all that junk here, or rather, should I?

+1  A: 

Are you already using built-in Django authentication? If yes, then you can specify a model that's related to the User model in which you can store additional information about users. It's explained here: http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users

It's as simple as adding the following line:

AUTH_PROFILE_MODULE = 'accounts.Administrator'

There's no need to store the password yourself; I think Django does this.

Stefan De Boey
@bste I'm trying to decide whether to use the built-in auth, and I'm leaning toward it since it's pretty full featured. My concern is this: How do I create a user object and give it all the attributes (username, password, etc) when creating my Administrator. I'm using AutoOneToOneField which I have no clue how it works. It seems to randomly select a User object to attach or something. I'm about to lose my mind :)
orokusaki
You need to register a handler for the signal django.db.models.signals.post_save on the User model, and, in the handler, if created=True, create the associated user profile.
Stefan De Boey
+1 Thanks for the info.
orokusaki
+3  A: 

It seems to me that you don't really need to add that much extra information. Django auth covers all the aspects you are looking for:

  • username
  • password (sha1 hash)
  • firstname
  • lastname
  • email

And Django auth also has a fairly useful permissions system:

  • superuser
  • staff
  • active

Whenever I wish to add additional information to a User object, I generally create a new model and store a reference to the User.

class UserProfile(models.Model):
    user = models.OneToOneField(User)
    # Extra functionality

And then follow what @bste suggests, add AUTH_PROFILE_MODULE = 'accounts.UserProfile' to your settings file. This allows you to access a user profile (your extra information) with the get_profile() method on any User object.

Marcus Whybrow
@Marcus Is the superuser, staff, and active compatible with all custom views for a SaaS? I'm not letting my users have access to any admin pages.
orokusaki
@orokusaki Making users not active is analogous to deleting a user. Staff users DO have access to the Django admin, and superuser can do absolutely anything. Thus in your case I would use those attributes for developers of your project, and incorporate separate attributes into the UserProfile model to dictate actions specific to your system.
Marcus Whybrow
@Marcus Thanks, that's sort of what I was looking for (the last bit about creating my own permission attributes). I didn't want to reinvent the wheel because every time I do I find out I didn't need to (it's either built-in and I missed it, or there's a huge project out there). In fact, I just finished building some pretty cool JSON-RPC stuff to extend some of the bits and pieces I found on the interwebs... Then I found Django Piston, which was a pleasant slap in the face.
orokusaki
@orokusaki Wow, I did that exact same thing. I developed a small JSON-returning API, but luckily it's so simplistic that once I discovered Piston, I didn't feel I had wasted too much time, but we digress.
Marcus Whybrow
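
Both answers note that the `password` CharField in the question's model is unnecessary because Django's auth stores the password itself, as a hash. The following is an added example, not code from the thread or from Django: it builds a salted PBKDF2 record in the `algorithm$iterations$salt$hash` layout used by Django's PBKDF2 hasher, so you can see what belongs in a password column instead of the raw value. The helper names and the iteration count are assumptions; in a Django project, `User.set_password()` and `User.check_password()` do this for you.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000       # assumed work factor for this example
MAX_ITERATIONS = 5_000_000  # refuse absurd stored values (assumed bound)


def encode_password(raw, salt=None, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt$hash' for storage, never the raw value."""
    salt = salt or secrets.token_hex(16)  # fresh random salt per password
    if "$" in salt:
        raise ValueError("salt must not contain the '$' separator")
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    encoded_hash = base64.b64encode(digest).decode("ascii")
    return "$".join([ALGORITHM, str(iterations), salt, encoded_hash])


def verify_password(raw, encoded):
    """Recompute the hash from the stored parameters; compare in constant time."""
    try:
        algorithm, iterations, salt, _stored_hash = encoded.split("$")
        iterations = int(iterations)
    except ValueError:
        return False  # plaintext or malformed record: never a match
    if algorithm != ALGORITHM or not salt or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    candidate = encode_password(raw, salt, iterations)
    return hmac.compare_digest(candidate.encode(), encoded.encode())


if __name__ == "__main__":
    # Constructed sample value, not taken from the thread.
    submitted = "correct horse battery staple"
    record = encode_password(submitted)
    print("CharField holding the raw value:", submitted)
    print("Hashed record to store instead: ", record)
    print("Right password verifies:", verify_password(submitted, record))
    print("Wrong password verifies:", verify_password("guess", record))
    print("Plaintext column verifies:", verify_password(submitted, submitted))
```
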