Prevent users created through self-registration from automatically having access to users. #57

fyliu · 2024-05-30T21:42:47Z

Overview

As a user I want my information protected by having an administrator in charge of who gets to view my information.

Solution

Add this code to views.py:

class IsStaffUser(BasePermission):
    """
    Custom permission to only allow staff users.
    """

    def has_permission(self, request, view):
        # Check if user is authenticated and is_staff is True
        print("Debug user", request.user.is_staff, request.user.is_authenticated, request.user.is_superuser, request.user.is_active, request.user.is_anonymous, request.user.username, request.user.email, request.user.first_name, request.user.last_name, request.user.is_staff, request.user.is_superuser, request.user.is_active)
        print(request.user.__dict__)
        return request.user.is_staff
    
class IsStaffUserOrReadOnly(BasePermission):
    """
    Custom permission to only allow staff users.
    """

    def has_permission(self, request, view):
        # Check if user is authenticated and is_staff is True
        return request.user.is_staff or request.method in SAFE_METHODS 
    
Then change permission_classes[IsAuthenticated] to permision_classes[IsStaffUser]

The text was updated successfully, but these errors were encountered:

fyliu closed this as completed May 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prevent users created through self-registration from automatically having access to users. #57

Prevent users created through self-registration from automatically having access to users. #57

fyliu commented May 30, 2024

Prevent users created through self-registration from automatically having access to users. #57

Prevent users created through self-registration from automatically having access to users. #57

Comments

fyliu commented May 30, 2024

Overview

Solution