Problem: Any logged-in user can access Django Admin panel

0
votes

I have my account with is_superuser = 1 and other users with is_superuser = 0 and is_staff = 0. But Django does not restrict access to "not-staff" users. So, any logged-in user can access admin panel.

From Django documentation:

By default, logging in to the admin requires that the user has the is_superuser or is_staff attribute set to True.

But this does not work. I do not have any changes in admin settings. Except custom admin panel URL:

from django.contrib import admin


urlpatterns = [
    path('my-admin/', admin.site.urls),
]

So where can be the problem with not working Django restrictions?

Django==2.2.4

Database: MySQL

1
django
Why are you even using a custom admin user database. - Moha369
@Moha369 what do you mean? Did not understand you. I did not customize the Admin panel. - Nairum
If you are not customizing then that should be not happening, anyway we are here to solve a problem, how are you creating the users ? Using a form or manually ? - Moha369
@Moha369 users in MySQL database were created by importing data from SQLite. This was because I chenged the database for my project from SQLite to MySQL. I do not know if the problem with not working restrictions to Admin was before switching to MySQL or not. Maybe the problem is because of MySQL could create different column types. I am checking now all column types to make sure that they are all right for Django. For example. that is_staff = 0 (not is_staff is null) etc. - Nairum
I asked how are you creating the users, not where are you storing the users, what i want you to tell me how are the users created ? With a form they fill or you manually do them ? And Maybe Maybe The SQLite-MySQL is the problem which is unlikely IMHO - Moha369

1 Answers

0
votes

The problem was because in MySQL database field_type for is_superuser was Text. I changed the field type to TINYINT(1) (boolean type) and now Django does not allow all users to access Admin (except superuser).

So be very careful when switching from SQLite to MySQL in Django project! You will meet with a lot of bugs like this.