From 44e26bb8de5982bc1f8d210a0a177dfbbd2daa50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Bastian?= Date: Thu, 10 May 2018 11:42:52 +0200 Subject: [PATCH 1/2] Add capture_login_admin view This fixes a redirection loop causing an authenticated user which is *not* staff accessing /admin to be loop-redirected between /admin -> /admin/login -> /accounts/login Also include some hideous basic page to show a message. This should not be a problem; a non-admin user accessing /admin deserves hurting their eyes. --- .../templates/allauth_ens/simple_message.html | 32 +++++++++++++++++++ allauth_ens/views.py | 20 ++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 allauth_ens/templates/allauth_ens/simple_message.html diff --git a/allauth_ens/templates/allauth_ens/simple_message.html b/allauth_ens/templates/allauth_ens/simple_message.html new file mode 100644 index 0000000..2cb2d40 --- /dev/null +++ b/allauth_ens/templates/allauth_ens/simple_message.html @@ -0,0 +1,32 @@ +{% load i18n static %} +{% load account allauth_ens %} + + + + + + Error{% if request.site.name %} · {{ request.site.name }}{% endif %} + + + + + +
+ {{ message }} +
+ + diff --git a/allauth_ens/views.py b/allauth_ens/views.py index ea1a343..83036b7 100644 --- a/allauth_ens/views.py +++ b/allauth_ens/views.py @@ -1,5 +1,8 @@ import django from django.views.generic import RedirectView +from django.contrib import admin +from django.shortcuts import render + if django.VERSION >= (1, 10): from django.urls import reverse_lazy @@ -23,3 +26,20 @@ class CaptureLogout(RedirectView): capture_logout = CaptureLogout.as_view() + + +def capture_login_admin(request): + """ Redirect the user to allauth login page if they are not logged in, or + fails and display a message if they are logged in *but* are not + administrators """ + + if admin.site.has_permission(request): + return capture_login(request) + + context = { + 'message': ("The account you're authenticated with is not an " + "administrator account."), + } + return render(request, + "allauth_ens/simple_message.html", + context=context) -- 2.47.0 From 9e679fe5324771ee8ca552abbf6917650b32aba4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Bastian?= Date: Thu, 10 May 2018 11:50:21 +0200 Subject: [PATCH 2/2] Update documentation accordingly --- README.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 754fdf4..fff2b04 100644 --- a/README.rst +++ b/README.rst @@ -90,6 +90,9 @@ login and logout views of other applications. They redirect to their similar ``next`` is given along the initial request, user is redirected to this url on successful login and logout. +If you need to do this for the admin site, you shoud use +``capture_login_admin`` instead, performing checks to avoid redirection loops. + This requires to add urls before the include of the app' urls. For example, to replace the Django admin login and logout views with allauth's @@ -97,13 +100,13 @@ ones: .. code-block:: python - from allauth_ens.views import capture_login, capture_logout + from allauth_ens.views import capture_login_admin, capture_logout urlpatterns = [ # … # Add it before include of admin urls. - url(r'^admin/login/$', capture_login), + url(r'^admin/login/$', capture_login_admin), url(r'^admin/logout/$', capture_logout), url(r'^admin/$', include(admin.site.urls)), -- 2.47.0