Compare commits

...

3 commits

Author SHA1 Message Date
Qwann
30a072b7db Merge branch 'tobast-capture-admin' of git.eleves.ens.fr:cof-geek/django-allauth-ens into Qwann/archicubes 2018-08-04 18:15:34 +02:00
Théophile Bastian
9e679fe532 Update documentation accordingly 2018-05-10 11:50:21 +02:00
Théophile Bastian
44e26bb8de Add capture_login_admin view
This fixes a redirection loop causing an authenticated user which is
*not* staff accessing /admin to be loop-redirected between
/admin -> /admin/login -> /accounts/login

Also include some hideous basic page to show a message. This should not
be a problem; a non-admin user accessing /admin deserves hurting their
eyes.
2018-05-10 11:46:23 +02:00
3 changed files with 57 additions and 2 deletions

View file

@ -90,6 +90,9 @@ login and logout views of other applications. They redirect to their similar
``next`` is given along the initial request, user is redirected to this url on
successful login and logout.
If you need to do this for the admin site, you shoud use
``capture_login_admin`` instead, performing checks to avoid redirection loops.
This requires to add urls before the include of the app' urls.
For example, to replace the Django admin login and logout views with allauth's
@ -97,13 +100,13 @@ ones:
.. code-block:: python
from allauth_ens.views import capture_login, capture_logout
from allauth_ens.views import capture_login_admin, capture_logout
urlpatterns = [
# …
# Add it before include of admin urls.
url(r'^admin/login/$', capture_login),
url(r'^admin/login/$', capture_login_admin),
url(r'^admin/logout/$', capture_logout),
url(r'^admin/$', include(admin.site.urls)),

View file

@ -0,0 +1,32 @@
{% load i18n static %}
{% load account allauth_ens %}
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Error{% if request.site.name %} · {{ request.site.name }}{% endif %}</title>
<style>
body {
background-color: #ffffd8;
}
#messagebox {
max-width: 500px;
margin-left: auto;
margin-right: auto;
margin-top: 50px;
background-color: white;
border: 2px solid black;
border-radius: 15px;
padding: 25px;
}
</style>
</head>
<body>
<div id="messagebox">
{{ message }}
</div>
</body>
</html>

View file

@ -1,5 +1,8 @@
import django
from django.views.generic import RedirectView
from django.contrib import admin
from django.shortcuts import render
if django.VERSION >= (1, 10):
from django.urls import reverse_lazy
@ -23,3 +26,20 @@ class CaptureLogout(RedirectView):
capture_logout = CaptureLogout.as_view()
def capture_login_admin(request):
""" Redirect the user to allauth login page if they are not logged in, or
fails and display a message if they are logged in *but* are not
administrators """
if admin.site.has_permission(request):
return capture_login(request)
context = {
'message': ("The account you're authenticated with is not an "
"administrator account."),
}
return render(request,
"allauth_ens/simple_message.html",
context=context)