I have the situation of permits the access to admin interfaces to three types of users: - Admin - Supervisor - Agent
It's a situation hierarchycal, the admin is one (the superuser) and it's creates the supervisors, and the supervisors create the agents.
All them can login to django admin with distincts authorizations.
The login has managed by 'django.contrib.auth' with the default model auth_user (.
from django.contrib.auth.models import User
class Supervisor(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
e_mail = models.EmailField(max_length=60, db_column='E-Mail',blank=True)
...other fields....
class Admin(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
e_mail = models.EmailField(max_length=60, db_column='E-Mail',blank=True)
...other fields...
But, there is a problem. If I allow the supervisor to create an agent implies that I must add the authorization to ADD and CHANGE the table USER. And this is dangerous, any supervisors could become a superuser, deleting users, etc etc....
How can I resolve this problem?? Is it possible to permit the supervisor to create an Agent without that he can be dangerous??
Thanks
EDIT
I have a doubt... in models.py during a definition of class I written this method:
def save(self):
self.user.is_staff = True
self.user.save()
super(Agent, self).save()
In Java, the method of EJB it was transactional/atomic (the commit is automatic)... In django, I have to call the method save().
It is a question different from the previous.....
Don't know if I got to understand your problem. But, if I did, you could edit the user creation form.
@admin.register(User)
class UserAdmin(BaseUserAdmin):
view_on_site = False
list_display = ('username', 'first_name', 'last_name', 'is_active', 'is_staff', 'date_joined', 'last_login')
list_filter = ('is_staff', )
fieldsets = (
('Data', {'fields': ('username', 'email', 'first_name', 'last_name', 'password')}),
('Activation/Deactivation', {'fields': ('is_active', )}),
('Permissions', {'fields': ('is_staff', 'groups', )})
)
As superuser
is not an option anymore, your supervisors can't became superusers.
Let me know if this helps. Maybe we can get closer to the solution.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.