Problem: Any logged-in user can access Django Admin panel

I have my account with is_superuser = 1 and other users with is_superuser = 0 and is_staff = 0. But Django does not restrict access to "not-staff" users. So, any logged-in user can access the admin panel.

From Django documentation:

By default, logging in to the admin requires that the user has the is_superuser or is_staff attribute set to True.

But this does not work. I do not have any changes in admin settings, except a custom admin panel URL:

from django.contrib import admin
from django.urls import path  # needed for path() below

urlpatterns = [
    path('my-admin/', admin.site.urls),
]

So where could the problem with the non-working Django restrictions be?

Django==2.2.4

Database: MySQL

The problem was that in the MySQL database the field_type for is_superuser was Text. I changed the field type to TINYINT(1) (boolean type) and now Django does not allow all users to access Admin (except superuser).

So be very careful when switching from SQLite to MySQL in a Django project! You will run into a lot of bugs like this.
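The failure mode described in the answer, as an added example that is not part of the original post or of Django's own code: a flag column declared as text hands back the string '0', which Python treats as true. It uses an in-memory SQLite table as a stand-in for the MySQL auth_user table; the helper names and the BOOLEAN_TYPES allow-list are assumptions made for this sketch.

```python
import sqlite3

# Boolean flags on Django's auth_user table that gate admin access.
FLAG_COLUMNS = ("is_superuser", "is_staff", "is_active")
# Declared column types accepted for a flag (assumed allow-list for this sketch).
BOOLEAN_TYPES = {"BOOL", "BOOLEAN", "TINYINT(1)", "INTEGER"}


def build_sample_db():
    """Constructed sample: is_superuser is wrongly declared TEXT, as in the answer."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_user (username TEXT, is_superuser TEXT, "
        "is_staff TINYINT(1), is_active TINYINT(1))"
    )
    # A regular user: not superuser, not staff, active.
    conn.execute("INSERT INTO auth_user VALUES ('alice', 0, 0, 1)")
    return conn


def mistyped_flags(conn, table="auth_user"):
    """Return {column: declared_type} for flag columns not declared as boolean."""
    rows = conn.execute(f"PRAGMA table_info({table})").fetchall()
    declared = {name: (ctype or "").upper() for _, name, ctype, *_ in rows}
    return {c: declared[c] for c in FLAG_COLUMNS
            if c in declared and declared[c] not in BOOLEAN_TYPES}


def raw_flags(conn, username):
    """Return the flag values exactly as the database driver hands them back."""
    row = conn.execute(
        "SELECT is_superuser, is_staff, is_active FROM auth_user WHERE username = ?",
        (username,),
    ).fetchone()
    return dict(zip(FLAG_COLUMNS, row))


def non_boolean_values(flags):
    """Flags whose stored value is not 0/1, so a truthiness test is unreliable."""
    return {k: v for k, v in flags.items() if v not in (0, 1)}


if __name__ == "__main__":
    conn = build_sample_db()
    flags = raw_flags(conn, "alice")
    print("mistyped columns:", mistyped_flags(conn))
    print("raw values:", flags)
    print("is_superuser treated as true:", bool(flags["is_superuser"]))
```

On a real MySQL database the same audit would read the declared column types from information_schema.COLUMNS instead of PRAGMA table_info.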
