Opened 13 years ago

Closed 19 hours ago

Last modified 19 hours ago

#17430 closed New feature (fixed)

Document access to the Django admin interface when using a custom backend

Reported by: ncoghlan@… Owned by: Maria Hynes
Component: Documentation Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The current auth docs aren't particularly clear on *exactly* what is needed to support the Django admin with a custom backend. Specifically, I had to do a lot of digging and experimentation to work out adequate settings for a User to be able to:

  1. Access the admin pages at all (i.e. is_active + is_staff)
  2. Actually edit the model data (through trial and error, I know that is_active + is_staff + is_super works, but I don't know if there are any other ways to achieve the same thing).

Change History (11)

comment:1 by Karen Tracey, 13 years ago

Could you say a bit more about where you looked and found docs lacking?

This bit: https://docs.djangoproject.com/en/1.3/topics/auth/#writing-an-authentication-backend does mention that "The Django admin system is tightly coupled to the Django User object described at the beginning of this document. For now, the best way to deal with this is to create a Django User object for each user that exists for your backend (e.g., in your LDAP directory, your external SQL database, etc.)" implying to use admin with a custom auth backend you still do want to be using standard django.contrib.auth Usesr objects, with all their attributes.

The descriptions for is_staff, is_active, is_superuser (https://docs.djangoproject.com/en/1.3/topics/auth/#django.contrib.auth.models.User.is_staff) all mention how admin uses them.

https://docs.djangoproject.com/en/1.3/topics/auth/#permissions describes how admin uses permissions to control how much access a user has to individual models in the admin site.

comment:2 by ncoghlan@…, 13 years ago

The problem is that they're scattered, so it's hard to be sure you've covered everything. What happened to me was that I had a bug in my auth backend, such that "is_staff" and "is_superuser" weren't being set correctly (they were always False). Initially I assumed I had missed something, so I was scouring the docs trying to work out what I had missed. It was only after convincing myself that I had actually found all the relevant pieces that I took a closer look at my own code and uncovered the bug.

A simple list of bullet points in the Custom Auth Backend section would have steered me in the right direction straight away (because I would have known I had covered everything, and hence I simply had a bug in the code I had already written rather than missing a step). With appropriate links to the specific sections, something like the following would make it crystal clear what you need to do to link the two together:

"To use the Django admin system with a custom authentication backend, the custom backend must do at least the following:

  • create Django User objects for any users that need to access the Django admin system
  • ensure "is_active" is set for each of those users
  • ensure that either "is_superuser" (for full access) or "is_staff" and the appropriate permissions (for limited access) are set for each of those users"

(That would probably replace the current sentence on the topic, since the two cover the same ground)

comment:3 by Karen Tracey, 13 years ago

Triage Stage: UnreviewedAccepted

comment:4 by Aymeric Augustin, 13 years ago

Component: UncategorizedDocumentation
Type: UncategorizedNew feature

comment:5 by Maria Hynes, 9 days ago

Owner: changed from nobody to Maria Hynes
Status: newassigned

comment:6 by Maria Hynes, 3 days ago

Has patch: set

comment:7 by Sarah Boyce, 3 days ago

Patch needs improvement: set

comment:8 by Sarah Boyce, 21 hours ago

Summary: Clearly document the permissions model for the Django admin interfaceDocument access to the Django admin interface when using a custom backend

comment:9 by Sarah Boyce, 21 hours ago

Patch needs improvement: unset
Triage Stage: AcceptedReady for checkin

comment:10 by Sarah Boyce <42296566+sarahboyce@…>, 19 hours ago

Resolution: fixed
Status: assignedclosed

In 7e759d9:

Fixed #17430 -- Documented access to the Django admin when using a custom auth backend.

comment:11 by Sarah Boyce <42296566+sarahboyce@…>, 19 hours ago

In c387d86:

[5.1.x] Fixed #17430 -- Documented access to the Django admin when using a custom auth backend.

Backport of 7e759d9af714b4db6735f7e53f62a5933a6260b8 from main.

Note: See TracTickets for help on using tickets.
Back to Top