How to separate user login session and admin login session in django
Question:
I have created small ecommerce website.
User can register and login also created custom admin panel for admin which can product add, update and delete. User and Admin both URLS is different. problem is that when user login into website after I’m hit admin URLS is directly redirect to admin dashboard that I want to prevent.
Here my panel app which can handle admin site link admin can add and update the product
def Login_Page(request):
if request.user.is_authenticated:
return redirect('dashboard')
if request.method == "POST":
username = request.POST.get('username')
password = request.POST.get('password')
try:
user = User.objects.get(username = username)
except:
messages.error(request,'User Does Not Exist !')
try:
vendor_authe = User_login.objects.get(user_auth=user, is_vendor_user='y',is_customer_user='n')
user = authenticate(request, username= username, password = password)
if user is not None:
login(request, user)
return redirect('dashboard')
else:
messages.error(request,'Username and Password Does Not Match. !')
except:
messages.error(request,'User not Found !')
else:
pass
context = {
}
return render(request,'panel/login.html',context)
Here my base app view.py which can handle user side login
# Create your views here.
def User_Login_Page(request):
if request.user.is_authenticated:
return redirect('home')
if request.method == "POST":
username = request.POST.get('username')
password = request.POST.get('password')
try:
user = User.objects.get(username = username)
except:
messages.error(request,'User Does Not Exist !')
try:
user_authe = User_login.objects.get(user_auth=user, is_vendor_user='n',is_customer_user='y')
user = authenticate(request, username= username, password = password)
if user is not None:
login(request, user)
return redirect('home')
else:
messages.error(request,'Username and Password Does Not Match. !')
except:
messages.error(request,'User not Found !')
else:
pass
context = {
'form_type':'user_login'
}
return render(request,'base/login.html', context)
Here base app urls.py
from django.contrib import admin
from django.urls import path, include
from . import views
urlpatterns = [
path('user-login/', views.User_Login_Page, name="user_login"),
path('user-registration/', views.User_Registration, name="user_registration"),
path('user-logout/', views.User_Logout, name="user_logout"),
path('', views.HomePage, name="home"),
]
Here panel app urls.py
from django.contrib import admin
from django.urls import path, include
from . import views
urlpatterns = [
path('', views.Login_Page, name="login_page"),
path('logout/', views.Vendor_logout, name="logout_page"),
path('dashbord/', views.Dashboard_Page, name="dashboard"),
]
Answers:
You can add the following validation in your dashboard view:
# Check if the user has staff status to view the page.
if request.user.is_staff:
# your code...
else:
messages.error(request,'You do not have the necessary permissions to view this page.')
To prevent the user from accessing the admin dashboard after logging in, you can add a check in your Login_Page view to see if the user logging in is an admin or not. If the user is an admin, then redirect them to the admin login page instead of the admin dashboard, like so:
def Login_Page(request):
if request.user.is_authenticated:
if request.user.is_staff:
return redirect('admin:login')
else:
return redirect('dashboard')
if request.method == "POST":
username = request.POST.get('username')
password = request.POST.get('password')
try:
user = User.objects.get(username=username)
except:
messages.error(request,'User Does Not Exist !')
return redirect('login_page')
try:
vendor_authe = User_login.objects.get(user_auth=user, is_vendor_user='y',is_customer_user='n')
user = authenticate(request, username=username, password=password)
if user is not None:
login(request, user)
if user.is_staff:
# User is an admin, redirect to admin login page
return redirect('admin:login')
else:
# User is a regular user, redirect to dashboard
return redirect('dashboard')
else:
messages.error(request,'Username and Password Does Not Match. !')
except:
messages.error(request,'User not Found !')
context = {}
return render(request,'panel/login.html', context)
Note: Function based views are generally written in snake_case not PascalCase, so it would be better to name it as login_page and user_login_page instead of Login_Page and User_Login_Page respectively.
I have created small ecommerce website.
User can register and login also created custom admin panel for admin which can product add, update and delete. User and Admin both URLS is different. problem is that when user login into website after I’m hit admin URLS is directly redirect to admin dashboard that I want to prevent.
Here my panel app which can handle admin site link admin can add and update the product
def Login_Page(request):
if request.user.is_authenticated:
return redirect('dashboard')
if request.method == "POST":
username = request.POST.get('username')
password = request.POST.get('password')
try:
user = User.objects.get(username = username)
except:
messages.error(request,'User Does Not Exist !')
try:
vendor_authe = User_login.objects.get(user_auth=user, is_vendor_user='y',is_customer_user='n')
user = authenticate(request, username= username, password = password)
if user is not None:
login(request, user)
return redirect('dashboard')
else:
messages.error(request,'Username and Password Does Not Match. !')
except:
messages.error(request,'User not Found !')
else:
pass
context = {
}
return render(request,'panel/login.html',context)
Here my base app view.py which can handle user side login
# Create your views here.
def User_Login_Page(request):
if request.user.is_authenticated:
return redirect('home')
if request.method == "POST":
username = request.POST.get('username')
password = request.POST.get('password')
try:
user = User.objects.get(username = username)
except:
messages.error(request,'User Does Not Exist !')
try:
user_authe = User_login.objects.get(user_auth=user, is_vendor_user='n',is_customer_user='y')
user = authenticate(request, username= username, password = password)
if user is not None:
login(request, user)
return redirect('home')
else:
messages.error(request,'Username and Password Does Not Match. !')
except:
messages.error(request,'User not Found !')
else:
pass
context = {
'form_type':'user_login'
}
return render(request,'base/login.html', context)
Here base app urls.py
from django.contrib import admin
from django.urls import path, include
from . import views
urlpatterns = [
path('user-login/', views.User_Login_Page, name="user_login"),
path('user-registration/', views.User_Registration, name="user_registration"),
path('user-logout/', views.User_Logout, name="user_logout"),
path('', views.HomePage, name="home"),
]
Here panel app urls.py
from django.contrib import admin
from django.urls import path, include
from . import views
urlpatterns = [
path('', views.Login_Page, name="login_page"),
path('logout/', views.Vendor_logout, name="logout_page"),
path('dashbord/', views.Dashboard_Page, name="dashboard"),
]
You can add the following validation in your dashboard view:
# Check if the user has staff status to view the page.
if request.user.is_staff:
# your code...
else:
messages.error(request,'You do not have the necessary permissions to view this page.')
To prevent the user from accessing the admin dashboard after logging in, you can add a check in your Login_Page view to see if the user logging in is an admin or not. If the user is an admin, then redirect them to the admin login page instead of the admin dashboard, like so:
def Login_Page(request):
if request.user.is_authenticated:
if request.user.is_staff:
return redirect('admin:login')
else:
return redirect('dashboard')
if request.method == "POST":
username = request.POST.get('username')
password = request.POST.get('password')
try:
user = User.objects.get(username=username)
except:
messages.error(request,'User Does Not Exist !')
return redirect('login_page')
try:
vendor_authe = User_login.objects.get(user_auth=user, is_vendor_user='y',is_customer_user='n')
user = authenticate(request, username=username, password=password)
if user is not None:
login(request, user)
if user.is_staff:
# User is an admin, redirect to admin login page
return redirect('admin:login')
else:
# User is a regular user, redirect to dashboard
return redirect('dashboard')
else:
messages.error(request,'Username and Password Does Not Match. !')
except:
messages.error(request,'User not Found !')
context = {}
return render(request,'panel/login.html', context)
Note: Function based views are generally written in
snake_casenotPascalCase, so it would be better to name it aslogin_pageanduser_login_pageinstead ofLogin_PageandUser_Login_Pagerespectively.