I'm very new to Django.
I used allauth to make email verification and user management system simple.
I want a system where only admins (staff users) can sign up users.
But as it is now, the signup page is only available to users who are not logged in.
How do I make the signup page available only to logged-in staff users in Django allauth?
What I tried:
I tried to add a custom view, URL and template to customize access to the signup page and form.
I added this on urls.py:
    path('accounts/signup/', views.user_register_view, name='signup'),
And this on views.py:
    @login_required
    def user_register_view(request):
        if request.user.is_staff:
            return render(request, "account/signup.html")
        else:
            reverse_lazy('users:dashboard')
And added a template file in template/account/signup.html, just copied the text from here: https://github.com/pennersr/django-allauth/blob/master/allauth/templates/account/signup.html
And added a custom text just to see if my custom template is viewed.
What happened is just that when I sign in as admin, it instantly redirects to the signup page even though I set LOGIN_REDIRECT_URL = 'users:dashboard' in settings.py.
And while only admins can access the accounts/signup page, all the fields disappeared. This is what it looks like when you view the source:
<br>THIS IS A CUSTOM TEMPLATE</br>
<h1>Sign Up</h1>
<p>Already have an account? Then please <a href="">sign in</a>.</p>
<form id="signup_form" method="post" action="/accounts/signup/">
<input type="hidden" name="csrfmiddlewaretoken" value="muuodB6QqTD1BBxfIj7VW16qvjx1S7OUwoUf0xBNy6WuaLSE03228uMRxjJ2COjJ">
<button type="submit">Sign Up »</button>
</form>
How do I make signup page available only for logged in staff users in Django allauth?
CodePudding user response:
I hope you mean that you want only staff to create user accounts and to restrict sign-up for normal users. You can simply do this by creating a user_create view, checking that the authenticated user has the role "staff" before allowing use of the view, and deleting the sign-up from urls.py. You can also do this through the Django admin panel if you have already allowed your staff to use it.
CodePudding user response:
You can create a decorator to check if the user is an admin. For example, in a file called "decorators.py":
    from functools import wraps

    from django.http import HttpResponseRedirect


    def admin_zone(view_func):
        def _decorator(request, *args, **kwargs):
            if request.user.is_staff:
                return view_func(request, *args, **kwargs)
            else:
                # If the user is not an admin, send them wherever you want...
                return HttpResponseRedirect('/')
        return wraps(view_func)(_decorator)
To use the decorator in your accounts urls you need a third party plugin called django-decorator-include https://github.com/twidi/django-decorator-include. Install it:
pip install django-decorator-include
Now, you can use your decorator from the urls.py:
    from django.contrib import admin
    from django.urls import path
    from .decorators import admin_zone
    from decorator_include import decorator_include

    urlpatterns = [
        path('admin/', admin.site.urls),
        path('accounts/', decorator_include(admin_zone, 'allauth.urls')),
    ]
So, you are adding the "admin_zone" decorator to all the urls inside "allauth.urls".