Ivan Sagalaev wrote:
> Brian Beck wrote:
> > I don't understand how this is related to the admin interface.
>
> Admin interface won't display a login page if you already have
> request.user set to an existing user. (if I'm not mistaken :-) ).
Yep, okay. I was referring to the case where the user is either not
set or does not have privileges. In both of these cases the admin
interface will display the login form. But for this authentication
method, the login form doesn't make sense (Django doesn't know the
user's password). To get around this you can make this check yourself
and do the appropriate thing instead of displaying the login form (for
example, redirecting to a site that will set REMOTE_USER and send them
back).
Here's a sneaky way to do it, for instance:
def process_view(self, request, view_func, view_args, view_kwargs):
admin_path = ['django', 'contrib', 'admin', 'views']
view_file = view_func.func_code.co_filename
view_path = path.split(view_file)[0].split(path.sep)[-4:]
if view_path != admin_path:
# Not admin site, carry on
return None
if request.user.is_authenticated():
if request.user.is_staff:
# No chance of login form being displayed, carry on
return None
else:
# Forbidden response instead of login page
error = "<h1>Forbidden</h1><p>You do not have staff
privileges.</p>"
return HttpResponseForbidden(error)
# Instead of showing admin login page, go to your own
redirect_to =
someplace_that_will_set_REMOTE_USER_and_return_here
return HttpResponseRedirect(redirect_to)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
