Experiencing multiple redirections

godofflashiness · February 15, 2024, 12:27pm

Upon logging in as a user, the system functions correctly, but I’m experiencing multiple redirections. Additionally, please review my approach to implementing multi-user authentication and provide feedback to help resolve this issue.

decorators.py

from django.http import HttpResponse
from django.shortcuts import redirect

def unauthenticated_user(view_func):
    def wrapper_func(request, *args, **kwargs):
        if request.user.is_authenticated:

            return redirect('dashboard')
        else:
            return view_func(request, *args, **kwargs)
    return wrapper_func

def allowed_users(allowed_roles=[]):
    def decorator(view_func):
        def wrapper_func(request, *args, **kwargs):
            group = None
            if request.user.groups.exists():
                group = request.user.groups.all()[0].name

            if group in allowed_roles:
                return view_func(request, *args, **kwargs)
            else:
                return HttpResponse('You are not authorized to view this page')
        return wrapper_func
    return decorator

def admin_only(view_func):
    def wrapper_function(request, *args, **kwargs):
        group = None
        if request.user.groups.exists():
            group = request.user.groups.all()[0].name

        if group in ['patient', 'doctor', 'staff']:
            return redirect(f'{group}-dashboard')  # Redirect based on the group name

        if group == 'admin':
            return view_func(request, *args, **kwargs)

    return wrapper_function

views.py


from django.shortcuts import render, redirect
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import Group

from .decorators import unauthenticated_user, allowed_users, admin_only
from .forms import CreateUserForm

@login_required(login_url='login')
@admin_only
def dashboard(request):
    return render(request, 'users/dashboard.html')

@unauthenticated_user
def userLogin(request):
    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')

        user = authenticate(request, username=username, password=password)

        if user is not None:
            login(request, user)
            return redirect('dashboard')

    return render(request, 'users/login.html')

@unauthenticated_user
def userSignup(request):
    form = CreateUserForm()

    if request.method == 'POST':
        form = CreateUserForm(request.POST)
        if form.is_valid():
            user = form.save()
            group = Group.objects.get(name='patient')
            user.groups.add(group)
            return redirect('login')

    context = {'form': form}
    return render(request, 'users/signup.html', context)

def logoutUser(request):
    logout(request)
    return redirect('login')

def userPage(request):
    return render(request, 'users/user.html')

@login_required(login_url='login')
@allowed_users(allowed_roles=['doctor'])
def doctorDashboard(request):
    return render(request, 'users/doctor/doctor_dashboard.html')

@login_required(login_url='login')
@allowed_users(allowed_roles=['patient'])
def patientDashboard(request):
    return render(request, 'users/patient/patient_dashboard.html')

@login_required(login_url='login')
@allowed_users(allowed_roles=['staff'])
def staffDashboard(request):    
    return render(request, 'users/staff/staff_dashboard.html')

def landingPage(request):
    return render(request, 'users/landing_page.html')

[15/Feb/2024 17:53:18] "POST /login/ HTTP/1.1" 302 0
[15/Feb/2024 17:53:18] "GET /dashboard/ HTTP/1.1" 302 0
[15/Feb/2024 17:53:19] "GET /patient/ HTTP/1.1" 200 1618

KenWhitesell · February 15, 2024, 1:33pm

I suggest you use the methods that Django provides, rather than creating your own.

The Django group and permission structure forms the framework of a Role-Based Access Control system.

A Permission is required to access a view. Permissions are assigned to Groups. (They may also be assigned to users as a special case.) You do not directly test for group membership.

For example, you may wish to create permissions named view_doctor_dashboard, view_patient_dashboard, and view_staff_dashboard.

You then assign those permissions to the “doctor”, “patient” and “staff” groups respectively.

Then, you use the permission_required decorator on the view to verify that the individual has the appropriate permissions.

For your login view, I suggest using the system-provided LoginView. In that view, you can override the get_default_redirect_url method to direct the user to a dashboard view of your choice.

Topic		Replies	Views
Applying decorator on a custom view from the urls.py file Forms & APIs	1	593	March 10, 2023
Apply UserPassesTest to url namespace ? Forms & APIs	3	330	August 17, 2023
Django Rest Framework Multyple Users Using Django	2	2259	December 27, 2021
Implementing login view using django view. Getting Started	2	606	July 18, 2023
Login_required decorator redirecting to login page even after successful login(i made a custom user model) Forms & APIs	4	118	September 13, 2024

Experiencing multiple redirections

Related topics