django-authentication

Can I use the Auth application's permission checking inside a template in Django? (I want to display a simple form at the end of the template for privileged users) And more importantly, should I do it at all or is this no the "Django way"? Victor Neo If you are looking to check for permissions in templates, the following code would suffice: {% if perms.app_label.can_do_something %} <form here> {% endif %} Where model refers to the model that the user need permissions to see the form for. Refer to https://docs.djangoproject.com/en/stable/topics/auth/default/#permissions for more examples. The

In my django app under certain conditions I need to be able to force user logout by a username. Not necessarily the current user who is logged in, but some other user. So the request method in my view doesn't have any session information about the user that I want to logout. I am familiar with django.auth, and with auth.logout method, but it takes request as an argument. Is there a "django-way" to log user out if all I have is the username? Or do I have to roll my own logout sql? I don't think there is a sanctioned way to do this in Django yet. The user id is stored in the session object, but

From the Django.Contrib.Auth docs : Extending Django’s default User If you’re entirely happy with Django’s User model and you just want to add some additional profile information, you can simply subclass django.contrib.auth.models.AbstractUser and add your custom profile fields. This class provides the full implementation of the default User as an abstract model. Said and done. I created a new model like below: class MyUser(AbstractUser): some_extra_data = models.CharField(max_length=100, blank=True) This shows up in admin almost like Django's standard User . However, the most important

My original question was how to enable HTTPS for a Django login page , and the only response, recommended that I - make the entire site as HTTPS-only . Given that I'm using Django 1.3 and nginx, what's the correct way to make a site HTTPS-only? The one response mentioned a middleware solution , but had the caveat: Django can't perform a SSL redirect while maintaining POST data. Please structure your views so that redirects only occur during GETs. A question on Server Fault about nginx rewriting to https , also mentioned problems with POSTs losing data, and I'm not familiar enough with nginx to

I created a custom group in Django's admin site. In my code, I want to check if a user is in this group. How do I do that? miku You can access the groups simply through the groups attribute on User . from django.contrib.auth.models import User, Group group = Group(name = "Editor") group.save() # save this new group for this example user = User.objects.get(pk = 1) # assuming, there is one initial user user.groups.add(group) # user is now in the "Editor" group then user.groups.all() returns [<Group: Editor>] . Alternatively, and more directly, you can check if a a user is in a group by: if