-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVsS1aAAoJEC0ft5FqUuEhjaEP/i4VxSWbddRgzQDebh3VPQVZ
BFJYZ7ULvR9UEckQDhc/p3bfod2M8DPygs5RbmYXm6tx3IRakBRb2eU521XaAMIk
y5Wd1+0/lwOWpi36MNxHKCrVrWQaWPNQFbDl6BAr2sBxJ1GaHaGRBmYctkr7GJV0
kjv9uy8jT0L81haq9afy0ftYnCnm+j/JM41dF9VsXovN75iJpRRSedMBiHOloQB7
XsZVUMPGidras7r+lFY8NIPpBUQENMdZH8tNgjmYH3Kc5Fry+D76OXtveXcA7ggD
05t8xMOf6AYWHhoT5JiRj+FHGmfGB0WJuo1ChW37Hviz7dncQzDV2ijLQdMH535H
N57J6CjIg/HXVT/wU7lWeZHZy/zPIq0BHOkoLd9dUqnixplAXUNOmHfvjeaxFzs3
PqTW9z5xzdnFubgWiHBw/V2OS7aZWK5PQV24L7KTBskIkIVhhbqmOTWvDBJRit5H
8gT55+ipYUmUUWy8nhC7KjKYcFauhe07VcX2rtiM6n6G3JWP2GzuLjhxsJFoUk8o
YttArUro2GkmUmyiMgRBZO5RLMWlSjtsy/3Rpwu/kjDVrbSy228aPjcxqyT8pMai
snUjqHVewjUTKr7qQpHR0lEobzrejD3I4DH95mcPlSbuiMVNlpPq/twNrxeIwF9x
K4LhayhM4VWMRpN6C6sh
=cCle
-----END PGP SIGNATURE-----
Hi Carsten,
On 07/23/2015 11:41 AM, Carsten Fuchs wrote:
> Am 23.07.2015 um 18:49 schrieb Tim Graham:
>> The admin login only allows staff users to login so it makes sense to
>> me that if you
>> wanted to add regular user login to your site, it should have separate
>> URLs.
>
> I think what confuses me is the fact that (in the Auth app) there is
> only one User model, and the only difference between regular and staff
> users is the User.is_staff flag.
>
> For example, if a staff user logs out of the Admin, he is logged out as
> a regular user as well. If a regular user logs in via a custom login
> page, then browses to an Admin page, some kind of error report or
> redirect must occur.
>
> Given this, authentication is like a user-centric, site-wide feature
> rather than an app-specific one, isn't it?
Sure, the logged-in status of a given session is site-wide. But that
doesn't imply that there must be only a single login page, that always
looks the same and behaves the same. Normally on a Django site (with the
defaults) you'd have an admin login page which only allows staff users
to log in, and redirects them by default to the admin post-login, and is
styled to look like the admin. And you'd have a public login page which
allows any user to login, and redirects them by default to somewhere
else (not the admin) post-login.
There's no contradiction between having two (or more!) such login pages,
and the fact that once a user logs in with either of those login pages,
they are logged in to the whole site.
Of course it's _possible_ to have just a single login page instead, if
you want that, but it's not at all clear to me that that's better. I
prefer to keep the admin relatively separate from the public site.
And I think the same is true for password-reset etc. I'd prefer to leave
the admin with its own pages, styled consistently with the rest of the
admin, and design my own pages for public users, consistent with the
design of the rest of the public site.
>> As for the template issue, it seems to me the
>> admin/template/registration templates
>> should be more like admin/login.html and namespaced under admin so
>> that if you want to
>> implement a non-admin password reset, you don't have a conflict in the
>> template names
>> (see the ticket below for an example).
>>
>> https://code.djangoproject.com/ticket/20372
>>
>
> Well, I am quite happy about the admin using the registration/...
> templates by default: With the view that authentication is user- rather
> than app-specific, I recently made my admin and regular logins look
> identical, which worked very well.
> So ticket 20372 is quite the opposite of my view. ;-)
Presuming we made the admin use its own templates for all of this, you
could achieve what you want by also overriding the admin templates and
just making them inherit everything from your templates. A tiny bit of
boilerplate, but not much.
I think the preferable default is to have the admin separate.
Carl
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/55B12D5A.50409%40oddbird.net.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment