1

I'm currently experiencing an issue with a project using django 1.3.1 and it's admin interface (just your friendly neighborhood django.contrib.admin). The project's been going on for a while, and the only accounts with staff status have always been superuser accounts.

This has changed. The customer requested accounts with more granular permission settings. I tried setting this up by disabling the superuser status for the specified accounts, and manually setting the appropriate rights. The admin interface seems to completely ignore the manually specified rights when the user logs in. Even with all rights specified, the user is denied access to any content (though he can still log in to the admin interface).

this issue doesn't seem to be related to the django version, because i tried a quick temporary upgrade to 1.3.3 and even 1.4. No luck...

I have no problem sharing some of the project code to help trace the issue, but quite frankly I'm at a loss to figure out what the problem could be. I would greatly appreciate some pointers.

mephisto
  • 661
  • 1
  • 6
  • 14
  • What do you mean by manually setting appropriate right? Do you mean you specified the Permissions via the admin interface? If the user is not superuser and is able to login, and has appropriate permissions, he should be able to view/ change/ add the models, unless you have overridden any of the modle / admin methods. – Divick Sep 24 '12 at 16:15
  • that is, in fact, exactly my problem. i try to specify the permission in the "edit user" page of the admin interface. The user is not superuser, is able to login, has *all* available permissions, but still can't view/change/add anything at all. I checked for any unusual overrides, but that doesn't seem to be the case. at any rate, i wouldn't expect something like that to mess up all the rights. I'm afraid it isn't that simple, which is why I'm pretty much stumped at this point. – mephisto Sep 24 '12 at 16:22

2 Answers2

1

Are you using your own authentication backend? If so, does your backend class derive from django.contrib.auth.backends.ModelBackend?

I discovered the same problem in my code today, and the problem turned out to be that my backend was derived from object. In particular, my backend didn't implement some of the functions used by the admin code (such as has_module_perms).

Either derive your backend from django.contrib.auth.backends.ModelBackend, or make sure that all the functions needed by the admin code are defined in your backend.

yassam
  • 533
  • 1
  • 6
  • 15
  • Damn. It would've taken me forever to track that down. Thanks a lot! I guess this is the sort of thing I can expect, trying to maintain projects originally set up by freelancers. Why anyone would write a minimal auth backend and let it inherit from object is beyond me, but that's exactly what they did. – mephisto Sep 26 '12 at 10:10
1

Here is an example of solving this issue based on yassam's answer above. The code I had that was causing the problem:

class MyCustomModelBackend(object):

    def authenticate(self, username=None, password=None):
        try:
            user = User.objects.get(username__iexact=username)
            if user.check_password(password):
                return user
        except User.DoesNotExist:
            return None

To solve this issue, update it to to derive from django.contrib.auth.backends.ModelBackend:

from django.contrib.auth.backends import ModelBackend

class MyCustomModelBackend(ModelBackend):

    def authenticate(self, username=None, password=None):
        try:
            user = User.objects.get(username__iexact=username)
            if user.check_password(password):
                return user
        except User.DoesNotExist:
            return None
Brendan Nee
  • 5,087
  • 2
  • 33
  • 32