I'm currently experiencing an issue with a project using Django 1.3.1 and its admin interface (just your friendly neighborhood django.contrib.admin). The project's been going on for a while, and the only accounts with staff status have always been superuser accounts.
This has changed. The customer requested accounts with more granular permission settings. I tried setting this up by disabling the superuser status for the specified accounts, and manually setting the appropriate rights. The admin interface seems to completely ignore the manually specified rights when the user logs in. Even with all rights specified, the user is denied access to any content (though he can still log in to the admin interface).
This issue doesn't seem to be related to the Django version, because I tried a quick temporary upgrade to 1.3.3 and even 1.4. No luck...
I have no problem sharing some of the project code to help trace the issue, but quite frankly I'm at a loss to figure out what the problem could be. I would greatly appreciate some pointers.
Here is an example of solving this issue based on yassam's answer above. The code I had that was causing the problem:
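
    from django.contrib.auth.models import User

    # Derives from plain object, so it only provides authenticate()
    class MyCustomModelBackend(object):
        def authenticate(self, username=None, password=None):
            try:
                # Case-insensitive username lookup
                user = User.objects.get(username__iexact=username)
                if user.check_password(password):
                    return user
            except User.DoesNotExist:
                return None
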
To solve this issue, update it to derive from django.contrib.auth.backends.ModelBackend:

    from django.contrib.auth.backends import ModelBackend
    from django.contrib.auth.models import User

    # Derives from ModelBackend; only authenticate() is overridden
    class MyCustomModelBackend(ModelBackend):
        def authenticate(self, username=None, password=None):
            try:
                # Case-insensitive username lookup
                user = User.objects.get(username__iexact=username)
                if user.check_password(password):
                    return user
            except User.DoesNotExist:
                return None
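
Why the base class matters, as an added example that is not part of the original post: Django's `User.has_perm` returns `True` for active superusers and otherwise asks each configured backend that defines `has_perm`, so a backend without the permission methods leaves non-superuser staff with no permissions. The classes below are hypothetical stand-ins and the dispatch is a simplified model, so it runs without Django.

```python
# Simplified model of Django's permission dispatch across auth backends.
# All class names and the sample permission strings are constructed.

PERMISSION_METHODS = ("get_all_permissions", "has_perm", "has_module_perms")


class BareBackend(object):
    """Like a backend derived from object: authenticates, nothing else."""

    def authenticate(self, username=None, password=None):
        return None


class PermissionAwareBackend(BareBackend):
    """Stand-in for a ModelBackend subclass: answers permission queries."""

    def get_all_permissions(self, user):
        return set(user.perms)

    def has_perm(self, user, perm):
        return perm in self.get_all_permissions(user)

    def has_module_perms(self, user, app_label):
        perms = self.get_all_permissions(user)
        return any(p.split(".")[0] == app_label for p in perms)


class FakeUser(object):
    """Constructed sample user carrying explicitly assigned permissions."""

    def __init__(self, perms=(), is_superuser=False, is_active=True):
        self.perms = perms
        self.is_superuser = is_superuser
        self.is_active = is_active


def user_has_perm(user, perm, backends):
    """Superusers short-circuit; everyone else depends on the backends."""
    if not user.is_active:
        return False  # simplification: inactive users are denied outright
    if user.is_superuser:
        return True
    return any(hasattr(b, "has_perm") and b.has_perm(user, perm)
               for b in backends)


def missing_permission_methods(backend):
    """Audit helper: list the permission hooks a backend does not provide."""
    return [name for name in PERMISSION_METHODS if not hasattr(backend, name)]
```

Running `missing_permission_methods` over the instantiated entries of `AUTHENTICATION_BACKENDS` is a quick way to spot a custom backend with this gap.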