[Django]-Defining two different extension to the User model

2đź‘Ť

âś…

I would like to be able to login/authenticate a User either as a “store” or a “customer”.

Is there a way to make this work with the above model?

Yes, but.

http://docs.djangoproject.com/en/1.2/topics/auth/#storing-additional-information-about-users

If you want to use the automatic features, you get one (single) Profile class object associated with a User.

If you don’t want to use the automatic profile features, it will work just fine. You won’t be able to use the AUTH_PROFILE_MODULE setting or the get_profile() method of
a User. You’ll be forced to write a lot of

try:
    CustomerProfile.objects.get( user=request.user )
except CustomerProfile.DoesNotExist:
    # hmmm.  Must be a Store, not a Customer.

It’s not too bad, since it’s mostly going to be one generic function to fetch the related
profile “the hard way”.

I will also be looking at the @login_required decorator to differentiate between store that is logged in and a customer. Any advice on how to proceed?

  1. Add a save() method to each class which checks for the existence of the object object. If you attempt to create a CustomerProfile for a User, the CustomerProfile.save() will check for a StoreProfile and raise an exception if it exists.

    The two relationships are exclusive. You need to assure this in your various models.

  2. Write two decorators, you’ll be happier. They have a fair amount of overlap, but it’s nicer to write many simple parameter-free decorators than to work up an uber-decorator.

    @customer_required and @store_required. Each will do what @login_required does as well as determine which relationship with the User has a record. customer_required must check for a CustomerProfile relationship with the User. store_required checks for a StoreProfile relationship with the user.


http://docs.djangoproject.com/en/1.2/topics/auth/#groups

On the other hand, you have Groups defined within Django. I’d recommend that you make use of the groups and the group names instead of trying to have super-fancy profiles like this.

Have one “master” Profile with all the attributes.

Use the Django Group table to define your various roles (“User”, “Store”) and allocate users to groups correctly.

Then check for the Group Name in your @store_required and @customer_required authorization decorators.

👤S.Lott

2đź‘Ť

AFAIK this can’t be done. But you can try this:

class UserProfile(models.Model):
    user = ForeignKey(User, unique=True)
    store = OneToOneField(Store, blank=True, null=True)
    customer = OneToOneField(Customer, blank=True, null=True)

and set only one of store or customer when creating profile for user.

👤gruszczy

0đź‘Ť

How you extend the User model with new foreign table needn’t change how you approach this – so this is fine.

One way to approach this is to use the login_required logic, but also assign permissions in Django’s authentication to users when they are created – one for store and one for customer. Otherwise, you could just write a utility function to determine their membership based on their presence in the foreign table. For more info, see http://docs.djangoproject.com/en/dev/topics/auth/

👤dfb

Leave a comment