I am trying to limit access to pages using 2 user levels. Superuser and admin. Super user is a regular Django user with 'is_superuser' assigned. Admin user is also a regular user with only the 'is_staff' permission assigned.
The problem is that when i use this decorator for an admin user, it doesn't pass the test:
@permission_required('is_staff') def my_view(....)
@permission_required('is_staff')
returns false for anonymous users. (correct)@permission_required('is_superuser')
only returns true for superusers (correct)@permission_required('is_staff')
returns FALSE for users with the 'is_staff' perm assigned. (wrong).
Any thoughts?
is_staff
isn't a permission so instead of permission_required
you could use:
@user_passes_test(lambda u: u.is_staff)
or
from django.contrib.admin.views.decorators import staff_member_required @staff_member_required
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With