时间戳

首页 > 解决方案 > Django:默认情况下如何停止给予新用户员工状态和超级用户状态

python - Django:默认情况下如何停止给予新用户员工状态和超级用户状态

问题描述

当我注册一个新用户时,我可以在管理页面上使用我的超级用户帐户登录。错误是“请为员工帐户输入正确的用户名和密码。请注意,这两个字段可能区分大小写”。

我发现新用户默认拥有员工状态和超级用户状态的权限。我可以在新用户帐户中登录管理页面。所以,我认为登录错误的发生是因为默认授予新用户 Staff 和 Superuser 权限。

我以为这些代码

password1 = forms.CharField(max_length=30, required=False, help_text='Optional', widget=forms.TextInput(attrs={'placeholder': 'Password'}))
password2 = forms.CharField(max_length=30, required=False, help_text='Optional', widget=forms.TextInput(attrs={'placeholder': 'Repeat your password'}))在 forms.py 中是原因。所以我尝试向他们注册,而不是向他们注册。但是,结果是一样的。

  1. 如何使新用户只有活动状态权限,而不是默认的员工和超级用户权限?
  2. 我对管理员登录错误的假设是否正确?2-1)如果不是,如何解决这个问题?

这是views.py

from django.shortcuts import render, redirect
from django.http import HttpResponse

from django.views.generic import TemplateView, CreateView
from django.contrib.auth.mixins import LoginRequiredMixin

from .forms import SignUpForm, ProfileForm
from django.urls import reverse_lazy
  
from .models import *
from django.contrib import messages


from django.contrib.auth import authenticate, login

def update_profile(request):

    if request.method == 'POST':
        form = SignUpForm(request.POST, instance=request.user)
        profile_form = ProfileForm(request.POST, instance=request.user.profile)

        if form.is_valid() and profile_form.is_valid():
            
            user = form.save()

            profile = profile_form.save(commit=False)
            profile.user = user
            
            profile.save()
            # username = form.cleaned_data.get('username')
            # password = form.cleaned_data.get('password1')
            # user = authenticate(request, username=username, password=password)
            return redirect('login')

    else:
        form = SignUpForm()
        profile_form = ProfileForm()
    
    context = {'form': form, 'profile_form': profile_form}
    return render(request, 'common/register.html', context)

这是forms.py

from django import forms
from django.contrib.auth.models import User
from django.contrib.auth.forms import UserCreationForm
from apps.userprofile.models import Profile

# from django.db.models import fields

# from django.db import models
# from django.shortcuts import render, redirect

class SignUpForm(UserCreationForm):

    first_name = forms.CharField(max_length=30, required=False, help_text='Optional', widget=forms.TextInput(attrs={'placeholder': 'Your first name'}))
    last_name = forms.CharField(max_length=30, required=False, help_text='Optional', widget=forms.TextInput(attrs={'placeholder': 'Your last name'}))
    email = forms.EmailField(max_length=254, required=False, help_text='Enter a valid email address', widget=forms.EmailInput(attrs={'placeholder': 'Your email'}))
    password1 = forms.CharField(max_length=30, required=False, help_text='Optional', widget=forms.TextInput(attrs={'placeholder': 'Password'}))
    password2 = forms.CharField(max_length=30, required=False, help_text='Optional', widget=forms.TextInput(attrs={'placeholder': 'Repeat your password'}))

    class Meta:
        model = User
        widgets = {
            'username': forms.TextInput(attrs={'placeholder': 'Username'})
        }
        fields = [
            'username', 
            'first_name', 
            'last_name', 
            'email',
            'password1',
            'password2', 
        ]

class ProfileForm(forms.ModelForm):
   
    class Meta:
        model = Profile
        fields= [ 'student_ID', 'CBNU_PW' ]
        widgets = {
            'student_ID': forms.TextInput(attrs={'placeholder': 'student_ID'}),
            'CBNU_PW': forms.TextInput(attrs={'placeholder': 'CBNU_PW'})
        }

这是模型.py

from django.db import models
from django.contrib.auth.models import User
from django.db.models.signals import post_save
from django.dispatch import receiver


class Profile(models.Model):

    user = models.OneToOneField(User, on_delete=models.CASCADE)
    student_ID = models.CharField(max_length=30, blank=True)
    CBNU_PW = models.CharField(max_length=30, blank=True)

    def __str__(self):
        return '%s %s' % (self.user.first_name, self.user.last_name)

@receiver(post_save, sender=User)
def create_user_profile(sender, instance, created, **kwargs):
    if created:
        Profile.objects.create(user=instance)

@receiver(post_save, sender=User)
def save_user_profile(sender, instance, **kwargs):
    instance.profile.save()

标签: pythondjango

解决方案

推荐阅读