I’ll start this by saying we use none of these for object level permission – we use our own custom method and I really wish we hadn’t. If you can avoid object level permissions at all, do so, they are a pain to organise. This is how I evaluate the 3 apps you’ve mentioned. Active … Read more
You can setup a custom ModelChoiceField that will return whatever label you’d like. Place something like this within a fields.py or wherever applicable. class UserModelChoiceField(ModelChoiceField): def label_from_instance(self, obj): return obj.get_full_name() Then when creating your form, simply use that field UserModelChoiceField(queryset=User.objects.filter(is_staff=False), required = False) More info can be found here
Yet another solution: from django.contrib.auth import get_user_model from django.contrib.auth.backends import ModelBackend from django.db.models import Q class EmailOrUsernameModelBackend(ModelBackend): “”” Authentication backend which allows users to authenticate using either their username or email address Source: https://stackoverflow.com/a/35836674/59984 “”” def authenticate(self, request, username=None, password=None, **kwargs): # n.b. Django <2.1 does not pass the `request` user_model = get_user_model() if username … Read more
Use add and remove methods: from django.contrib.auth.models import Permission permission = Permission.objects.get(name=”Can view poll”) u.user_permissions.add(permission)
The code that doesn’t work: from django.contrib.auth.models import User from django.test import Client user = User.objects.create(username=”testuser”, password=’12345′) c = Client() logged_in = c.login(username=”testuser”, password=’12345′) Why doesn’t it work? In the snippet above, when the `User` is created the actual password hash is set to be `12345`. When the client calls the `login` method, the value … Read more
For the 2nd part of John C’s answer, and Django 1.4+… Instead of extending HttpResponseRedirect, you can change the request.scheme to https. Because Django is behind Nginx’s reverse proxy, it doesn’t know the original request was secure. In your Django settings, set the SECURE_PROXY_SSL_HEADER setting: SECURE_PROXY_SSL_HEADER = (‘HTTP_X_FORWARDED_PROTO’, ‘https’) Then, you need Nginx to set … Read more
Ok, I eventually found a way of doing this, although I’m sure there are better ways. I created a new middleware class called LoginFormMiddleware. In the process_request method, handle the form more or less the way the auth login view does: class LoginFormMiddleware(object): def process_request(self, request): # if the top login form has been posted … Read more
django.contrib.auth.views.login redirects you to accounts/profile/ right after you log in. You may want to set LOGIN_REDIRECT_URL inside your settings.py file to anything you like..
Your view has the same name as the auth login function, so it is hiding it. Change the view name, or import the function under a different name eg from django.contrib.auth import login as auth_login.
I also went with a custom form for this. In urls.py specify your custom form: (r’^change_password/$’, ‘django.contrib.auth.views.password_change’, {‘password_change_form’: ValidatingPasswordChangeForm}), Inherit from PasswordChangeForm and implement validation: from django import forms from django.contrib import auth class ValidatingPasswordChangeForm(auth.forms.PasswordChangeForm): MIN_LENGTH = 8 def clean_new_password1(self): password1 = self.cleaned_data.get(‘new_password1’) # At least MIN_LENGTH long if len(password1) < self.MIN_LENGTH: raise forms.ValidationError(“The new … Read more