Prevent users created through self-registration from automatically having access to users. #263

Closed
ethanstrominger opened this issue Feb 28, 2024 · 0 comments

Overview

As a user I want my information protected by having an administrator in charge of who gets to view my information.

Solution

Add this code to views.py:

```python
from rest_framework.permissions import SAFE_METHODS, BasePermission


class IsStaffUser(BasePermission):
    """
    Custom permission to only allow staff users.
    """

    def has_permission(self, request, view):
        # AnonymousUser has is_staff == False, so unauthenticated requests are denied too.
        # Do not log request.user.__dict__ here: it includes the password hash.
        return bool(request.user and request.user.is_staff)


class IsStaffUserOrReadOnly(BasePermission):
    """
    Custom permission to allow writes only for staff users; safe (read-only) methods are open to any caller.
    """

    def has_permission(self, request, view):
        # Safe methods (GET, HEAD, OPTIONS) pass for any caller; all others require is_staff
        return bool(request.method in SAFE_METHODS or (request.user and request.user.is_staff))
```

Then change `permission_classes = [IsAuthenticated]` to `permission_classes = [IsStaffUser]`.
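
An access matrix for the three checks involved, as an added example that is not part of the original issue or the project's code. It uses plain-Python copies of the permission logic and constructed user objects (the role names and the `access_matrix` / `exposed_to_non_staff` helpers are assumptions) so it runs without Django or DRF installed.

```python
from types import SimpleNamespace

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")  # same values DRF exports
ALL_METHODS = SAFE_METHODS + ("POST", "PUT", "PATCH", "DELETE")

# Constructed stand-ins for request.user; only the attributes the checks read.
ROLES = {
    "anonymous": SimpleNamespace(is_authenticated=False, is_staff=False),
    "self_registered": SimpleNamespace(is_authenticated=True, is_staff=False),
    "staff": SimpleNamespace(is_authenticated=True, is_staff=True),
}

# Offline copies of the checks (assumption: same logic as the DRF-based classes).
class IsAuthenticated:
    def has_permission(self, request, view):
        return bool(request.user and request.user.is_authenticated)

class IsStaffUser:
    def has_permission(self, request, view):
        return bool(request.user and request.user.is_staff)

class IsStaffUserOrReadOnly:
    def has_permission(self, request, view):
        return bool(request.user.is_staff or request.method in SAFE_METHODS)


def access_matrix(permission_cls):
    """Return {role: set of HTTP methods allowed} for one permission class."""
    perm = permission_cls()
    matrix = {}
    for role, user in ROLES.items():
        matrix[role] = {
            m for m in ALL_METHODS
            if perm.has_permission(SimpleNamespace(user=user, method=m), view=None)
        }
    return matrix


def exposed_to_non_staff(permission_cls):
    """Sorted (role, method) pairs that a non-staff caller is allowed to make."""
    matrix = access_matrix(permission_cls)
    return sorted((role, m) for role, methods in matrix.items()
                  if role != "staff" for m in methods)


if __name__ == "__main__":
    for cls in (IsAuthenticated, IsStaffUser, IsStaffUserOrReadOnly):
        print(f"{cls.__name__:22} non-staff access: {exposed_to_non_staff(cls) or 'none'}")
```

The matrix shows that `IsStaffUserOrReadOnly` still lets anonymous and self-registered callers read, so on a view that returns user data only `IsStaffUser` keeps viewing under staff control.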
Projects
Status: ✅Done