Django Rest框架中的用户注册

Question

I am creating a server side for android application in DRF which will require user registration and login\\logout endpoints. also obviously different permissions when a user logged in.

I followed the rest framework tutorial here - http://www.django-rest-framework.org/tutorial/1-serialization/ and this example really seeme to cover it all beside the user registration (creation).

In the tutorial they do it from the command line (and they create a superuser). I think the tutorial example is really good for my needs besides not having the registration endpoint.

My question are:

• what is the difference between a regular user and a superuser?
• How should I create a registration endpoint for users? I saw this example DjangoRestFramework - registering a user: difference between UserSerializer.save() and User.objects.create_user()? but I am not sure if it will work nicely because in the tutorial they create a superuser.

If it matters, my user model in actually a UserProfile model which includes the user model and added a phone_number...

Thanks a lot!

Answer 1

A regular user has different authorities from superuser and you should customize view for a specific user. Here is link for you to create user in django.

Hope it helps.

Answer 2

I've copied it from Django documentation as an answer for your first question.

One of the most powerful parts of Django is the automatic admin interface. Best thing is that you can customise it easily.

If logged in as a superuser, you have access to create, edit, and delete any object (models).

You can create staff user using staff flag. The “staff” flag controls whether the user is allowed to log in to the admin interface (ie, whether that user is considered a “staff member” in your organization). Since this same user system can be used to control access to public (ie, non-admin) sites, this flag differentiates between public users and administrators.

“Normal” admin users – that is, active, non-superuser staff members – are granted admin access through assigned permissions. Each object editable through the admin interface has three permissions: a create permission, an edit permission and a delete permission for all the models you had created.

Django's admin site uses a permissions system that you can use to give specific users access only to the portions of the interface that they need. When you create a user, that user has no permissions, and it's up to you to give the user specific permission

You can do something like this for the second question you've asked.

 from django.contrib.auth.models import User
 from rest_framework.views import APIView
 from rest_framework import status

 class Register(APIView):
    def post(self, request):
      user = User.objects.create(
                username=request.data.get('email'),
                email=request.data.get('email'),
                first_name=request.data.get('firstName'),
                last_name=request.data.get('lastName')
            )
     user.set_password(str(request.data.get('password')))
     user.save()
     return Response({"status":"success","response":"User Successfully Created"}, status=status.HTTP_201_CREATED)