Make an element on a page visible only to logged in users

[chanman]

I want to have a page look different for users who are logged in and those who aren't. For users that are signed in the page will have a sidebar with account management options. For users who aren't signed in, this sidebar shouldn't show up. The most obvious way to do this would be to have a common layout inherited by the member viewable and outsider viewable pages. But is there a way to do this by having some kind of optional component on the page?

[Mike Dewhirst]

On 22/08/2018 9:05 AM, chanman wrote:
> I want to have a page look different for users who are logged in and
> those who aren't.

This is the "normal" way to do things

> For users that are signed in the page will have a sidebar with account
> management options. For users who aren't signed in, this sidebar
> shouldn't show up. The most obvious way to do this would be to have a
> common layout inherited by the member viewable and outsider viewable
> pages. But is there a way to do this by having some kind of optional
> component on the page?

In the page you would have something like ...

{% if user.has_usable_password %} display side bar with account
management options {% endif %}

The question then becomes how do you get user into the page. You
probably know the answer but in case not, in your view - the first
argument is always request - you include request.user in the rendering
context as 'user' ie., context['user'] = request.user

hth

mike
>
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-users...@googlegroups.com
> <mailto:django-users...@googlegroups.com>.
> To post to this group, send email to django...@googlegroups.com
> <mailto:django...@googlegroups.com>.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/88655d5f-e431-4ab6-a957-f0e53097df12%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/88655d5f-e431-4ab6-a957-f0e53097df12%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.

[Olivier Pons]

Hi,

I disagree with Mike Dewhirst answer, here's mine.

The simplest way is in the template, to see if it's logged in:

{% if user.is_authenticated %}

Then maybe a much more powerful way is to write your right management this way: first you write what you need beginning with "has_right_" like

{% if user.person.has_right_modify_account %}{% endif %}
{% if user.person.has_right_view_customers %}{% endif %}

and so on.

Then you create your "role" model (which implies the rights to do something), and the "person" model that has a user foreign key:

class Role(BaseModel):
    R_TYPE_SUPER_ADMIN = 1
    R_TYPE_ADMIN = 2
    R_TYPE_EMPLOYEE = 3

    TAB_R_TYPE = {
        R_TYPE_SUPER_ADMIN: _("Super-admin"),
        R_TYPE_ADMIN: _("Co-branding admin"),
        R_TYPE_EMPLOYEE: _("Co-branding employee"),
    }
    authorization_level = models.IntegerField(
        choices=[(a, b) for a, b in list(TAB_R_TYPE.items())],
        default=R_TYPE_CO_BRANDING_EMPLOYEE)

    def authorization_level_description(self):
        return Role.TAB_R_TYPE[self.authorization_level]

    description = models.CharField(max_length=200, default=None,
                                   blank=True, null=True)

    def __str__(self):
        return str(self.description) if self.description is not None else '?'



class Person(models.Model):
    user = models.ForeignKey(User)
    roles = models.ManyToManyField(Role)

And then, in that "Person" class, you implement the functions you called in the template: has_right_modify_account and has_right_view_customers:

class Person(models.Model):
    user = models.ForeignKey(User)
    roles = models.ManyToManyField(Role)
    def has_right_modify_account(self):

        # only admin and super admin
        return len(self.roles.all() & [Role.R_TYPE_SUPER_ADMIN, Role.R_TYPE_ADMIN]) > 0

    def has_right_view_customers(self):
        # everybody = at least one role:
        return len(self.roles.all()) > 0

I'm pretty sure that code wont work out of the box, but you can fix it easily.