I am working on a job portal project. I am using custom user model And I have 2 separate models one for job seekers and other for employers. My doubt is how to restrict one user from creating a profile on other type of user based on is_staff field in User model. I am new to django, please help me.

Python

I am working on a job portal project. I am using custom user model

class UserManager(BaseUserManager):

def create_user(self, email, name, password=None, **extra_fields):

    if not email:
        raise ValueError('Users must have an email address')
    if not name:
        raise ValueError('Users must have a name')

    user = self.model(email=self.normalize_email(email), **extra_fields)
    user.set_password(password)
    user.name = name
    user.save(using=self._db)

    return user

def create_staffuser(self, email, password, name):
    user = self.create_user(
        email,
        name,
        password=password
    )
    user.is_staff = True
    user.save(using=self._db)

    return user

def create_superuser(self,  name, email, password):

    user = self.create_user(email, name, password=password)
    user.is_staff = True
    user.is_superuser = True
    user.save(using=self._db)

    return user

class User(AbstractBaseUser, PermissionsMixin):

    email = models.EmailField(max_length=255, unique=True)
    name = models.CharField(max_length=255)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)

    objects = UserManager()

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['name']

JavaScript
​x
 
class UserManager(BaseUserManager):
​
def create_user(self, email, name, password=None, **extra_fields):
​
    if not email:
        raise ValueError('Users must have an email address')
    if not name:
        raise ValueError('Users must have a name')
​
    user = self.model(email=self.normalize_email(email), **extra_fields)
    user.set_password(password)
    user.name = name
    user.save(using=self._db)
​
    return user
​
def create_staffuser(self, email, password, name):
    user = self.create_user(
        email,
        name,
        password=password
    )
    user.is_staff = True
    user.save(using=self._db)
​
    return user
​
def create_superuser(self,  name, email, password):
​
    user = self.create_user(email, name, password=password)
    user.is_staff = True
    user.is_superuser = True
    user.save(using=self._db)
​
    return user
​
class User(AbstractBaseUser, PermissionsMixin):
​
    email = models.EmailField(max_length=255, unique=True)
    name = models.CharField(max_length=255)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)
​
    objects = UserManager()
​
    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['name']
​

And I have 2 separate models one for job seekers and other for employers.

class SeekerProfile(models.Model):
    """Seeker profile for job seekers"""

    MALE = 'M'
    FEMALE = 'F'
    OTHERS = 'O'
    GENDER_CHOICES = [
        (MALE, 'Male'),
        (FEMALE, 'Female'),
        (OTHERS, 'Others'),
    ]
    first_name = models.CharField(max_length=255)
    last_name = models.CharField(max_length=255)
    date_of_birth = models.DateField()
    gender = models.CharField(
        max_length=1,
        choices=GENDER_CHOICES
    )
    address = models.TextField()
    city = models.CharField(max_length=100)
    pincode = models.CharField(max_length=50)
    phone_number = models.CharField(
        max_length=50, null=False, blank=False, unique=True)
    disabled = models.BooleanField(default=False)
    user = models.OneToOneField(
        settings.AUTH_USER_MODEL,
        limit_choices_to={'is_staff': False},
        on_delete=models.CASCADE
    )

    def __str__(self):
        return self.first_name+" "+self.last_name

class BusinessStream(models.Model):
    """Business Stream dataset database"""

    business_stream_name = models.CharField(max_length=50)
    user = models.ForeignKey(settings.AUTH_USER_MODEL, limit_choices_to={
                             'is_staff': True}, on_delete=models.CASCADE)

class CompanyProfile(models.Model):
    """company profile"""

    user = models.OneToOneField(settings.AUTH_USER_MODEL, limit_choices_to={
        'is_staff': True}, on_delete=models.CASCADE)
    company_name = models.CharField(max_length=100)
    profile_description = models.TextField()
    business_stream = models.ManyToManyField(
        BusinessStream)
    established_date = models.DateTimeField()
    company_url = models.URLField()

JavaScript
 
class SeekerProfile(models.Model):
    """Seeker profile for job seekers"""
​
    MALE = 'M'
    FEMALE = 'F'
    OTHERS = 'O'
    GENDER_CHOICES = [
        (MALE, 'Male'),
        (FEMALE, 'Female'),
        (OTHERS, 'Others'),
    ]
    first_name = models.CharField(max_length=255)
    last_name = models.CharField(max_length=255)
    date_of_birth = models.DateField()
    gender = models.CharField(
        max_length=1,
        choices=GENDER_CHOICES
    )
    address = models.TextField()
    city = models.CharField(max_length=100)
    pincode = models.CharField(max_length=50)
    phone_number = models.CharField(
        max_length=50, null=False, blank=False, unique=True)
    disabled = models.BooleanField(default=False)
    user = models.OneToOneField(
        settings.AUTH_USER_MODEL,
        limit_choices_to={'is_staff': False},
        on_delete=models.CASCADE
    )
​
    def __str__(self):
        return self.first_name+" "+self.last_name
​
class BusinessStream(models.Model):
    """Business Stream dataset database"""
​
    business_stream_name = models.CharField(max_length=50)
    user = models.ForeignKey(settings.AUTH_USER_MODEL, limit_choices_to={
                             'is_staff': True}, on_delete=models.CASCADE)
​
class CompanyProfile(models.Model):
    """company profile"""
​
    user = models.OneToOneField(settings.AUTH_USER_MODEL, limit_choices_to={
        'is_staff': True}, on_delete=models.CASCADE)
    company_name = models.CharField(max_length=100)
    profile_description = models.TextField()
    business_stream = models.ManyToManyField(
        BusinessStream)
    established_date = models.DateTimeField()
    company_url = models.URLField()
​

My doubt is how to restrict one user from creating a profile on other type of user based on is_staff field in User model.

I am new to django, please help me.

views.py

class UserProfileViewSet(ModelViewSet):

    queryset = SeekerProfile.objects.all()
    serializer_class = serializers.ProfileSerializer
    authentication_classes = (JWTAuthentication,)
    permission_classes = (permissions.IsAuthenticated,)

    def get_queryset(self):
        """Return objects for the current authenticated user only"""
        queryset = SeekerProfile.objects.filter(user=self.request.user)
        return queryset

    def perform_create(self, serializer):
        return serializer.save(user=self.request.user)

JavaScript
 
class UserProfileViewSet(ModelViewSet):
​
    queryset = SeekerProfile.objects.all()
    serializer_class = serializers.ProfileSerializer
    authentication_classes = (JWTAuthentication,)
    permission_classes = (permissions.IsAuthenticated,)
​
    def get_queryset(self):
        """Return objects for the current authenticated user only"""
        queryset = SeekerProfile.objects.filter(user=self.request.user)
        return queryset
​
    def perform_create(self, serializer):
        return serializer.save(user=self.request.user)
​

serializers.py

class ProfileSerializer(serializers.ModelSerializer):
    """Serializer for user Profile"""

    class Meta:
        model = SeekerProfile
        fields = '__all__'
        read_only_fields = ('id', 'user')

JavaScript
 
class ProfileSerializer(serializers.ModelSerializer):
    """Serializer for user Profile"""
​
    class Meta:
        model = SeekerProfile
        fields = '__all__'
        read_only_fields = ('id', 'user')
​

This allows employer to create seeker profile.

Answer

You would have to check the role of the authenticated user in your view and proceed accordingly – s.th. like

class UserProfileViewSet(ModelViewSet):

    queryset = SeekerProfile.objects.all()
    serializer_class = serializers.ProfileSerializer
    authentication_classes = (JWTAuthentication,)
    permission_classes = (permissions.IsAuthenticated,)

    def get_queryset(self):
        """Return objects for the current authenticated user only"""
        queryset = SeekerProfile.objects.filter(user=self.request.user)
        return queryset

    def perform_create(self, serializer):
        # Check here
        if self.request.user.is_staff:
             # do something if requesting user is staff
        else:
             # do s.th. else
        return serializer.save(user=self.request.user)

JavaScript
 
class UserProfileViewSet(ModelViewSet):
​
    queryset = SeekerProfile.objects.all()
    serializer_class = serializers.ProfileSerializer
    authentication_classes = (JWTAuthentication,)
    permission_classes = (permissions.IsAuthenticated,)
​
    def get_queryset(self):
        """Return objects for the current authenticated user only"""
        queryset = SeekerProfile.objects.filter(user=self.request.user)
        return queryset
​
    def perform_create(self, serializer):
        # Check here
        if self.request.user.is_staff:
             # do something if requesting user is staff
        else:
             # do s.th. else
        return serializer.save(user=self.request.user)
​

django-rest-framework – How to create seperate profiles for users based on is_staff

Advertisement

Answer