Can I use same authentication system as provided by Django User models for models subclassing Abstract Base User models and, if not, then what else can we do? Also, how to configure ModelAdmin for providing admin access to these models?
- Using custom user model is descirbed in docsDmitry Egerev– Dmitry Egerev2014-02-04 12:53:34 +00:00Commented Feb 4, 2014 at 12:53
- It is but I am still confused about the modeladmin and the admin class used for abstract base user which is not completely defined in the docssaurabh– saurabh2014-02-04 13:00:28 +00:00Commented Feb 4, 2014 at 13:00
Add a comment |
1 Answer
The fact that you prefer using Django's built-in authentication system as is, is probably an indicator that substituting a custom User class based on the Abstract Base User model is unnecessary. You might want to consider extending the User class with a one-to-one relationship (how-to from the docs). This will allow you to keep all of Django's default behaviour, as well as add any additional fields, methods, etc. that you would want a User to have. We've found this to be adequate for most of our cases, and far less hassle than creating an entirely new Use class.
Anyways, that being said, you can create a custom authentication by inheriting from BaseUserManager and creating a new manager, then assigning your custom User's objects field to this new manager. Alternatively, you could assign your custom User's objects field to Django's manager. You should only create your own manager if you need some sort of custom authentication (for example, logging in with an email instead of with a username). Here is a link to the docs on how to do that.
To register the custom User model with Django's admin, you'll need to do a few things in your specific app's admin.py file. First, create custom forms for creating and editing Users, then subclass UserAdmin in your custom User Admin class, and reference the forms you previously created. Finally, register the new User Admin using admin.site.register(). Here's a full example of the admin.py file:
from django import forms from django.contrib import admin from django.contrib.auth.models import Group from django.contrib.auth.admin import UserAdmin from django.contrib.auth.forms import ReadOnlyPasswordHashField from customauth.models import MyUser class UserCreationForm(forms.ModelForm): """A form for creating new users. Includes all the required fields, plus a repeated password.""" password1 = forms.CharField(label='Password', widget=forms.PasswordInput) password2 = forms.CharField(label='Password confirmation', widget=forms.PasswordInput) class Meta: model = MyUser fields = ('email', 'date_of_birth') def clean_password2(self): # Check that the two password entries match password1 = self.cleaned_data.get("password1") password2 = self.cleaned_data.get("password2") if password1 and password2 and password1 != password2: raise forms.ValidationError("Passwords don't match") return password2 def save(self, commit=True): # Save the provided password in hashed format user = super(UserCreationForm, self).save(commit=False) user.set_password(self.cleaned_data["password1"]) if commit: user.save() return user class UserChangeForm(forms.ModelForm): """ A form for updating users. Includes all the fields on the user, but replaces the password field with admin's password hash display field. """ password = ReadOnlyPasswordHashField() class Meta: model = MyUser fields = ['email', 'password', 'date_of_birth', 'is_active', 'is_admin'] def clean_password(self): # Regardless of what the user provides, return the initial value. # This is done here, rather than on the field, because the # field does not have access to the initial value return self.initial["password"] class MyUserAdmin(UserAdmin): # The forms to add and change user instances form = UserChangeForm add_form = UserCreationForm # The fields to be used in displaying the User model. # These override the definitions on the base UserAdmin # that reference specific fields on auth.User. list_display = ('email', 'date_of_birth', 'is_admin') list_filter = ('is_admin',) fieldsets = ( (None, {'fields': ('email', 'password')}), ('Personal info', {'fields': ('date_of_birth',)}), ('Permissions', {'fields': ('is_admin',)}), ) # add_fieldsets is not a standard ModelAdmin attribute. UserAdmin # overrides get_fieldsets to use this attribute when creating a user. add_fieldsets = ( (None, { 'classes': ('wide',), 'fields': ('email', 'date_of_birth', 'password1', 'password2')} ), ) search_fields = ('email',) ordering = ('email',) filter_horizontal = () # Now register the new UserAdmin... admin.site.register(MyUser, MyUserAdmin) # ... and, since we're not using Django's built-in permissions, # unregister the Group model from admin. admin.site.unregister(Group) Once done with the admin.py file, specify the custom model as your default user model using the AUTH_USER_MODEL variable in your settings.py file.
AUTH_USER_MODEL = 'customauth.MyUser' 6 Comments
saurabh
Thanks I had this confusion only about using MyUserAdmin. Also can I use authenticate function defined in django user model or I have to define it again in Myusermodel to authenticate any user who surfs my site. @sgarza62
sgarza62
If your custom User model includes a
username field, then Django's built-in authenticate() method will suffice. If your User model only includes, say, an email as the unique identifier, then you'll have to specify the email as the USERNAME_FIELD inside the User class. Please read through the following two exchanges for more information: [1] stackoverflow.com/questions/16689056/… [2] groups.google.com/forum/#!topic/django-users/4lNWuyv16hgsaurabh
Its still not working I mean after logging in admin as superuser I get the following I mean I logged in successfully but it says > Site administration >You don't have permission to edit anything
sgarza62
What version of Django are you using? If it's anything older than 1.7, then in your
urls.py file, from django.contrib import admin, then add admin.autodiscover() to your project's urls.py file, before declaring your urlpatterns. Link to docs: docs.djangoproject.com/en/1.6/ref/contrib/admin/…sgarza62
After you've done that, if you're still having permission problems, then it could be that your custom User model needs permissions to be defined. Subclass the
PermissionsMixin in your User model (docs.djangoproject.com/en/1.6/topics/auth/customizing/…) as shown in the code of this answer (stackoverflow.com/a/15605899/1337422) |