Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only set Django User's staff/superuser on first login. #6

Closed
wants to merge 1 commit into from
Closed

Only set Django User's staff/superuser on first login. #6

wants to merge 1 commit into from

Conversation

KoreyPeters
Copy link

This pull request modifies the code such that the setting of superuser/staff status is only done on account creation.

@AzMoo
Copy link
Owner

AzMoo commented Jan 30, 2021

Hi @KoreyPeters thanks for the pull request. The problem I see with this approach is that you can't add a user to the superuser group after user creation, you would have to manage adding and removing from super/staff through the django admin and that's not desirable for me. The goal is to be able to manage users without django being involved at all.

You mentioned in the other thread that your usecase is to allow super and staff statuses to be mutually exclusive, and that makes a lot of sense. How do you feel about a second django setting, STAFF_GROUP, which would only set the staff flag if the user is a member of that group.

That gives the ability to set the two flags individually, but also allows you to add and remove the statuses from okta.

@AzMoo
Copy link
Owner

AzMoo commented Jan 30, 2021

0654255

New branch staff-flag which demonstrates what I mean.

@KoreyPeters
Copy link
Author

Thanks for you comments. I'm not understanding your use case (which is fine! It's not my software! :)) As far as I can tell, the only way to add an admin/staff/superuser with the current code is to edit your settings.py file and re-deploy the app, which seems much more difficult/error-prone that using Django Admin. But maybe I'm missing something?

If editing/re-deploying is required for staff access, then "STAFF_GROUP" doesn't really help me. I definitely would rather manage users through Django Admin. But again, I feel like I'm missing something about how your managing users. So the idea may well have value.

I'll probably keep using my patch for now. Thanks for the excellent package. I really appreciate it.

@AzMoo
Copy link
Owner

AzMoo commented Feb 6, 2021

The STAFF_GROUP and SUPERUSER_GROUP settings each reference a group name in Okta. To manage staff users and superusers the idea is to add them to the appropriate group within Okta that is referenced by these settings.

The goal of this library is to delegate all Django user management to Okta. Is that your use case as well? If it's not, I'm not sure what you're looking for from this library.

@KoreyPeters
Copy link
Author

Ah, I read it as I needed users in that setting, not Okta groups. What you say makes much more sense. :) But yes, the STAFF_GROUP would certainly be valuable for me. Thanks!

@KoreyPeters
Copy link
Author

Now that I understand how SUPERUSER_GROUP (and potentially in the future STAFF_GROUP) are supposed to be used, this pull request isn't relevant any more.

@AzMoo
Copy link
Owner

AzMoo commented Feb 10, 2021

Great. I will merge in the STAFF_GROUP change because it makes sense to me.

Also opened up #8 to update the documentation for SUPERUSER_GROUP:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@KoreyPeters @AzMoo