I am working on a job portal project and I am using a custom user model:
class UserManager(BaseUserManager):
    """Manager that builds regular, staff and superuser accounts keyed by email."""

    def create_user(self, email, name, password=None, **extra_fields):
        """Create and persist a user.

        Raises ValueError when ``email`` or ``name`` is empty.
        """
        if not email:
            raise ValueError('Users must have an email address')
        if not name:
            raise ValueError('Users must have a name')

        # extra_fields goes straight into the model constructor, so flags such
        # as is_staff or is_superuser can be set through it. Callers should
        # pass only vetted keys, never an unfiltered request payload.
        account = self.model(
            email=self.normalize_email(email),
            **extra_fields
        )
        account.name = name
        # set_password stores a hash rather than the raw value; with
        # password=None Django marks the password as unusable.
        account.set_password(password)
        account.save(using=self._db)

        return account

    def create_staffuser(self, email, password, name):
        """Create a user through create_user, then flag it as staff."""
        staff = self.create_user(email, name, password=password)
        staff.is_staff = True
        # Second save persists the flag set after create_user's initial save.
        staff.save(using=self._db)

        return staff

    def create_superuser(self, name, email, password):
        """Create a user through create_user, then grant staff and superuser."""
        admin = self.create_user(email, name, password=password)
        admin.is_staff = True
        admin.is_superuser = True
        admin.save(using=self._db)

        return admin
class User(AbstractBaseUser, PermissionsMixin):
    """Custom user model that logs in with an email address."""

    email = models.EmailField(max_length=255, unique=True)
    name = models.CharField(max_length=255)
    is_active = models.BooleanField(default=True)
    # NOTE(review): elsewhere on this page is_staff doubles as the
    # "employer" role (limit_choices_to on the profile models). Django's admin
    # site also uses is_staff to decide who may log in to it, so if the admin
    # is enabled a dedicated role field would keep the two meanings apart.
    is_staff = models.BooleanField(default=False)

    objects = UserManager()

    # Email is the login identifier; name is additionally prompted for by
    # the createsuperuser command.
    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['name']
I also have two separate profile models, one for job seekers and the other for employers.
class SeekerProfile(models.Model):
    """Seeker profile for job seekers"""

    # Stored one-letter codes for the gender column.
    MALE = 'M'
    FEMALE = 'F'
    OTHERS = 'O'
    GENDER_CHOICES = [
        (MALE, 'Male'),
        (FEMALE, 'Female'),
        (OTHERS, 'Others'),
    ]

    first_name = models.CharField(max_length=255)
    last_name = models.CharField(max_length=255)
    date_of_birth = models.DateField()
    gender = models.CharField(max_length=1, choices=GENDER_CHOICES)
    address = models.TextField()
    city = models.CharField(max_length=100)
    pincode = models.CharField(max_length=50)
    phone_number = models.CharField(
        max_length=50,
        null=False,
        blank=False,
        unique=True,
    )
    disabled = models.BooleanField(default=False)
    # One profile per user. limit_choices_to is not checked by Model.save(),
    # so code that sets `user` directly must test is_staff itself.
    user = models.OneToOneField(
        settings.AUTH_USER_MODEL,
        limit_choices_to={'is_staff': False},
        on_delete=models.CASCADE,
    )

    def __str__(self):
        """Return the seeker's first and last name separated by a space."""
        return " ".join((self.first_name, self.last_name))
class BusinessStream(models.Model):
    """Business Stream dataset database"""

    business_stream_name = models.CharField(max_length=50)
    # Owning account; limit_choices_to is not checked by Model.save(), so it
    # does not by itself stop a non-staff user being assigned in code.
    user = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        limit_choices_to={'is_staff': True},
        on_delete=models.CASCADE,
    )
class CompanyProfile(models.Model):
    """company profile"""

    # One company profile per staff (employer) account. As with any
    # limit_choices_to, Model.save() does not enforce the is_staff filter.
    user = models.OneToOneField(
        settings.AUTH_USER_MODEL,
        limit_choices_to={'is_staff': True},
        on_delete=models.CASCADE,
    )
    company_name = models.CharField(max_length=100)
    profile_description = models.TextField()
    business_stream = models.ManyToManyField(BusinessStream)
    established_date = models.DateTimeField()
    company_url = models.URLField()
My question is how to prevent a user of one type from creating a profile meant for the other type of user, based on the is_staff field in the User model.
I am new to Django, please help me.
views.py
class UserProfileViewSet(ModelViewSet):
    """Viewset exposing the requesting user's SeekerProfile."""

    queryset = SeekerProfile.objects.all()
    serializer_class = serializers.ProfileSerializer
    authentication_classes = (JWTAuthentication,)
    # Only authentication is required here; the user's role is not examined.
    permission_classes = (permissions.IsAuthenticated,)

    def get_queryset(self):
        """Return objects for the current authenticated user only"""
        return SeekerProfile.objects.filter(user=self.request.user)

    def perform_create(self, serializer):
        """Save the new profile with the requesting user as its owner."""
        # No is_staff check happens before this save, so any authenticated
        # account, staff (employer) included, can create a seeker profile.
        owner = self.request.user
        return serializer.save(user=owner)
serializers.py
class ProfileSerializer(serializers.ModelSerializer):
    """Serializer for user Profile"""

    class Meta:
        model = SeekerProfile
        # NOTE(review): '__all__' exposes every model field, including any
        # added later. Apart from the two read-only ones below, all of them
        # (e.g. `disabled`) are client-writable. Confirm that is intended, or
        # list the fields explicitly.
        fields = '__all__'
        # `user` is read-only, so a client cannot attach the profile to
        # another account through the request body.
        read_only_fields = ('id', 'user')
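This allows an employer to create a seeker profile: the limit_choices_to on the model is not applied when the view passes the user directly to serializer.save().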
Answer
You have to check the role of the authenticated user in your view and proceed accordingly, something like:
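class UserProfileViewSet(ModelViewSet):
    """Viewset exposing the requesting user's SeekerProfile.

    Creation is refused for staff (employer) accounts, so only non-staff
    users can own a seeker profile.
    """

    queryset = SeekerProfile.objects.all()
    serializer_class = serializers.ProfileSerializer
    authentication_classes = (JWTAuthentication,)
    permission_classes = (permissions.IsAuthenticated,)

    def get_queryset(self):
        """Return objects for the current authenticated user only"""
        return SeekerProfile.objects.filter(user=self.request.user)

    def perform_create(self, serializer):
        """Create a seeker profile owned by the requesting user.

        Staff accounts are rejected with HTTP 403 before anything is saved.
        The check lives on the server because the model's limit_choices_to
        is not applied when ``user`` is passed straight to ``save()``.
        """
        if self.request.user.is_staff:
            # APIView.permission_denied raises PermissionDenied for an
            # authenticated request, so execution stops here.
            self.permission_denied(
                self.request,
                message='Staff accounts cannot create a seeker profile.',
            )
        # The owner comes from the authenticated request, never from the
        # client payload (`user` is read-only on the serializer).
        return serializer.save(user=self.request.user)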