Thanks for the idea. I followed up on this found that the django-registration backend is really only ment for anonymous account creation - it will log an athenticated user out upon reaching the page. The deal seems to be that in order the create an account, the user must not already have an account (must be anonymous). Makes sense for lots of situations, just not mine. So how do you make it so that only an authenticated user is able to create an account that only an anonymous user is allowed to make?
Well, I was able to come up with a little hack whereby anonymous users are redirected away from the accounts/registration page, but athenticated users will continue toward the page, they're just logged out before they get there. It seems to work, however I'm not too happy with it. My new question is, how to I go about making my own account creation page? For instance can I just make a form that gathers all the fileds I want (Name, password, etc), build a view and a template? Or is there something special that the the django-registration backend is doing that I don't realize? That's the part I'm concerned about. Should I inherit from the django-registration backend and build on that? Is there a ready made solution I don't know about that would allow an authenticated user to create accounts? I feel a bit unsure about how to proceed. Anyone have advice? Thanks! On Monday, December 3, 2012 6:10:07 PM UTC-4, Chris Cogdon wrote: > > modify the urlconf so that the function to send out registration keys can > only be executed if someone is already logged in and/or has the right kind > of permission. > > eg, instead of > > url( some-re some_function ) > > you can use > > url ( some-re, login_required(some_function) ) > > or has_perm, or a myriad of other decorators/wrappers. > > > > On Monday, December 3, 2012 1:40:02 PM UTC-8, Jason Pythonic wrote: >> >> Hi All, >> >> First time poster here, so apologies if this question has been covered - >> believe me, I've searched, but I might be too far off base to know what to >> search for. >> >> Here's my issue. I'm working on a site that is currently setup to enroll >> users via the django-registration user registration backend. >> >> User accounts are created by navigating to my_site/accounts/register/, >> entering a username, an e-mail address, and a password. Once this form is >> filled out, an activatation link is e-mailed to the new user by clicking on >> a button. When the user receives this email, they simply follow the link to >> activate their account. That all works. The problem I have is that >> absolutely anyone can come along and create their own account simply by >> going to my_site/accounts/register/ and sending themselves an activation >> e-mail. I need a way to ensure that only my website's user is authorized to >> create users, and I'm really just not sure of how to go about tackling this. >> >> I'd sure appreciate it if someone could provide direction how to do this. >> >> Just to summarize, I only want *my *site's user to be allowed to create >> new users. How do I accomplish this? >> >> >> Thanks, >> Jason >> > -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/57AT6z6ba9MJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
