how to check is staff is True before login into dashboard which i have created by myself in Django?

Question:

I have created a dashboard and in my dashboard superuser creates the username, password, and all this thing but in my dashboard, I want to check first the username is staff or not before login into the dashboard. how to do that? can anyone help me

from django.shortcuts import redirect, render
from django.contrib import auth, messages
from orderkitchen.models import kitchenData 
from django.contrib.auth.models import User

def login_dashboard(request):

    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        user = auth.authenticate(username = username, password = password)
        if user is not None:
            auth.login(request,user)
            messages.success(request, 'You are Logged in')
            return redirect('dashboard')
            
        else:
            messages.error(request,'Your Username or Password is incorrect')
            return redirect('login_dashboard')
        return
    else:
        return render(request,'accounts/dashboard_login.html')

def dashboard(request):
    return render(request, 'accounts/dashboard.html')

only the staff status is True then only then can logged in

enter image description here

Asked By: user13665352

||
Source

Answers:

When you authenticate a user, you get the User object through which you can access the is_staff field from the AUTH_MODEL.

user = auth.authenticate(username = username, password = password)
if user is not None:
    if user.is_staff:
        auth.login(request,user)
        messages.success(request, 'You are Logged in')
        return redirect('dashboard')
    else:
        # user is not staff
Answered By: Naeem Khan

You can check the status after authenticate if it returns not None as

from django.shortcuts import redirect, render
from django.contrib import auth, messages
from orderkitchen.models import kitchenData 
from django.contrib.auth.models import User

def login_dashboard(request):

    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        user = auth.authenticate(username = username, password = password)
        if user is not None and user.is_staff == True:
            auth.login(request,user)
            messages.success(request, 'You are Logged in')
            return redirect('dashboard')
        
        else:
            messages.error(request,'Your Username or Password is incorrect')
            return redirect('login_dashboard')
        return
    else:
        return render(request,'accounts/dashboard_login.html')

def dashboard(request):
    return render(request, 'accounts/dashboard.html')
Answered By: user8193706

You can do this in views.py:

@login_required
def dashboard(request):
    if request.user.is_staff == True:
        return render(request, 'dashboard.html')
    else:
        return redirect('/')

This method uses Django authentication wrapper first to make sure the user is logged-in.

You could also add the following to the dashboard.html file:

{% if request.user.is_authenticated %}
{% if request.user.is_staff %}
<div>
<p>Welcome to your Dashboard <b>{{request.user.email}}</b></p>
</div>
{% else %}
<!-- Show HTML content to other users here -->
{% endif %}
{% endif %}
Answered By: Olney1