Re: Auth System: clarification on usage

2013-03-17 Thread Russell Keith-Magee
On Mon, Mar 18, 2013 at 5:49 AM, fire_water  wrote:

> Hello,
>
> I am fairly new to Django but have started developing my first app. The
> app will require the general public to create an account before being
> allowed to post comments on the website.
>
> After reading through The Django 
> Bookand The
> Docs  , I think
> Django's built-in User Authentication system might be the tool I need. If
> so, I am a bit confused on the intended purpose of the Auth System probably
> because I am used to only using it with Django's built-in Admin app.
>
> I am seeking clarification on the following points of confusion:
>
> 1. When I think of Django user authentication, I think of a very limited
> number of special people (admins) with permission to access the Django
> admin site. "Special people only"
>
> 2. When I think of allowing the general public to create an account and
> authenticate with my website, I see that as something completely separate
> from the Admin site and all of it's associated database tables.
> Immediately, I think of creating a "users" table in myapp/models.py.
> "General public only"
>
> But it almost sounds like admin and public accounts are both handled by
> the Auth System and therefore live in the same database table. I would like
> to get a solid understanding of this before I proceed any further with my
> app. Thanks in advance for any clarification you can provide!


People visit your site. Each of them gets a User account. Some of them are
staff, and have permission to view staff portions of the site (e.g., admin)
or perform other administrative actions (e.g., workflows on the main site
that don't exist for normal users). Others can only view the main site (or
specific parts of the main site).

You might have some special reason for wanting two different user tables,
but as a general principle, I can't say I see the point. If you've got
multiple user tables, then admin users who want to use the site need a
second, completely separate account. You then need to track the correlation
between Normal User accounts and Admin User accounts.

It also means that content needs to be owned either by an admin user or a
normal user. For example, consider a comment system -- comments have an
author, but that author is a foreign key to a single table. If you've got
two User tables, you can only link to one of them, so either admin users
can't create comments, or admin users need two user accounts.

So - in summary - although Django's admin users the auth.User model and
table, there's nothing admin specific about it. It's a general purpose user
table, and you can (and should) use it for your general site authentication.

Yours,
Russ Magee %-)

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.




Auth System: clarification on usage

2013-03-17 Thread fire_water
Hello,

I am fairly new to Django but have started developing my first app. The app 
will require the general public to create an account before being allowed 
to post comments on the website.

After reading through The Django 
Bookand The 
Docs  , I think 
Django's built-in User Authentication system might be the tool I need. If 
so, I am a bit confused on the intended purpose of the Auth System probably 
because I am used to only using it with Django's built-in Admin app.

I am seeking clarification on the following points of confusion:

1. When I think of Django user authentication, I think of a very limited 
number of special people (admins) with permission to access the Django 
admin site. "Special people only"

2. When I think of allowing the general public to create an account and 
authenticate with my website, I see that as something completely separate 
from the Admin site and all of it's associated database tables. 
Immediately, I think of creating a "users" table in myapp/models.py. 
"General public only"

But it almost sounds like admin and public accounts are both handled by the 
Auth System and therefore live in the same database table. I would like to 
get a solid understanding of this before I proceed any further with my app. 
Thanks in advance for any clarification you can provide!

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.