1👍
✅
You should never assume that request.POST.get(...) could give you right data type. What you get back is an unicode. So, bool('True') is True and bool('False') is also True. In your case it will always True. There is not clear why old_user.is_staff can not be updated to True. What you could try now ist that you call old_user.save() after staff_form.save() :
if request.POST.get('authorized')=='True':
old_user.is_staff = True
else:
old_user.is_staff = False
staff_form.save()
old_user.save()
0👍
@trantu’s answer explains the problem with your code, but you should never check if the user is authorised by checking the POST parameters, as a user can post whatever they want with the form.
You should use something like this instead:
if request.user.is_staff(): # Or admin, or checking the permissions of the user.
Source:stackexchange.com