Greetings!
I’m new to Django, I created several simple projects following tutorials and I’m ready to start building a real project. I need to build an application for my organization, so it should be password protected, however I need somehow to allow to register and log in my coworkers only, I need somehow to prevent a possibility to register and login for others.
Please advice how I can achieve that in Django.
Thanks in advance.
You’ve got at least three options -
Set the is_active attribute to False when a new user registers. You can then review all users with is_active == False, and delete (or simply ignore) the improper entries.
Create your own “Registration workflow”, such that people registering create an entry in a different model (not your User model). Then code a page for yourself to approve these entries, where that approval process copies the data from that temporary model to User.
Don’t provide a public registration page at all. Make people send you an email to register them. You create the User entry with an invalid password. They go through the “Reset password” process to enter their password.
I’m sure there are others, but I’ve used all three of these at one time or another.
Thank you Ken!
The third one looks the easiest, I’ll try it.
Regarding the first option. Where do I set the default is_active = False? Somewhere in Django settings?
You would do this in your registration view, it’s not a setting you can change.
The AbstractUser model has that field defined with default=True. If you’re creating a custom user model that inherits from AbstractUser, you could redefine that field with default=False.
If you’re creating your User from AbstractBaseUser, then you would need to define it as a field anyway, because AbstractBaseUser defines is_active as a class attribute and not a model field.
Thanks. Sounds too complicated for me at this stage. )