2

I am using Django 2.1 and my project is ready for production. Is there a way that i can set settings.DEBUG == True only for superuser and show a default 500 internal server error for normal users. I have tried to write a middleware, but it seems not working. I do not want to use sentry(as recommended at many places). my middlewares.py is:

import sys
from django.views.debug import technical_500_response
from django.conf import settings
from django.contrib.auth import get_user_model

user = get_user_model()  #I am using CustomUser model not Django user model

class UserBasedExceptionMiddleware(object):
def __init__(self, get_response):
    self.get_response = get_response

def __call__(self, request):
    return self.get_response(request)

def process_exception(self, request, exception):
    if request.user.is_superuser:
        return technical_500_response(request, *sys.exc_info())

I have also loaded my middleware in.

MIDDLEWARE = ['myproject.middlewares.UserBasedExceptionMiddleware',]
Abhimanyu Singh
  • 369
  • 4
  • 20
  • 2
    A 500 error indicates an unhandled exception, so you can't rely on the authentication framework to determine if the user is really a superuser. DEBUG=True is **only** meant for development, for both security and performance reasons. I would recommend that you find some other approach to whatever problem you are trying to solve. – Håken Lid Jan 05 '19 at 11:23
  • As you know that DEBUG=True gives the whole traceback of the error. So I was trying to achieve this trackback only for superuser and not for any other user. Can you point me to some other method or packages that can show full traceback of error only for superuser. Thanks – Abhimanyu Singh Jan 05 '19 at 11:29

2 Answers2

0

I think it's impossible. The settings file is settled from the very beginning of the Django website running, but the authentication checking part is in views functioning or template rendering, which is way more later and there's no way to change the settled settings.

ming
  • 427
  • 1
  • 5
  • 14
-1

I have found a way to DEBUG application using development server without changing DEBUG. For this I made a debug_setting.py file (where my settings.py file is located).

In my debug_setting.py:

from .settings import *
DEBUG = True

Then in terminal using:

python manage.py runserver --settings=myproject.debug_setting 0.0.0.0:5000

We can see traceback of the error of our application without changing DEBUG=True for our production.

Update:

Alternatively we can also use django's Error Reporting system which would automatically mail 500 and 404 errros with the whole traceback to the mail addresses described in ADMINS = [] and MANAGERS = []. For this feature we need to smtp settings like EMAIL_HOST, EMIL_HOST_UESR, EMAIL_HOST_PASSWORD. Details are here https://docs.djangoproject.com/en/3.0/howto/error-reporting/

Abhimanyu Singh
  • 369
  • 4
  • 20
  • Note: this is NOT doing what you asked in the Question. This is launching Django a different way. Django will actually *behave* the same way for normal and admin users when launched this way. (Or ... to put it another way ... your Answer demonstrates that yours was an [XY Problem](https://en.wikipedia.org/wiki/XY_problem).) – Stephen C Aug 05 '21 at 01:14