request.user.is_active == false

[halcightx]

When I do:

class FooAdmin(MongoAdmin):
        def has_view_permission(self, request):
                return request.user.is_authenticated and request.user.is_active

The "request.user.is_authenticated" is true. But the "request.user.is_active" is false, which prevents me from accessing the admin site.
Why my user is not active and how can I fix that, pydanny?
Thanks.

[garrypolley]

@XuyuanGuo I believe the user being active is set in your DB as an attribute on the user. You'd need to make sure on signup they get marked as active, or activate them later at some point in your user account creation flow.

Let me know if you have any other questions.

[halcightx]

@garrypolley Thank you for replying. I created my user account as an administrator in mongodb shell and login with it in settings.py:
connect('mydb', username='foo', password='bar')
I am not sure whether it is the right thing to login. mongonaut doesn't provide a login site, right?
And how do I actually "activate" my account?
Forgive my dumb questions.

[garrypolley]

We may be speaking of activate differently. You'll need to make sure the user you created is active.

This should likely be done outside of anything around django-mongonaut. See the django doc for creating a super-user: https://docs.djangoproject.com/en/dev/ref/django-admin/#createsuperuser

If it's just getting the active set I've done this:

python manage.py shell

from my_user_package.model import User

my_user = User.objects.get(username='MY_USERNAME')
my_user.active = True
my_user.save()

That should be all you need if that's your issue.

[halcightx]

@garrypolley Then how do you actually login with that 'user'?

[garrypolley]

The short version, just login.

Depends on the application. Right now the urls are not protected with auth, so you should be able to just go to them. I've done a hack to ensure the user is logged in, but logging in to your site is dependent on your setup.

[halcightx]

Ok, my problem is this:
I was following The Django Book and when I try to create an admin site as its chapter 6 http://www.djangobook.com/en/2.0/chapter06.html it won't work because I am using Mongo as my database. So, I find django-mongonaut. After configuring settings.py, urls.py and mongoadmin.py, I can see, edit, delete the data in my database from my site (../mongonaut/myapp/myclass). But what confused me is now everybody can access the admin page. If I want a login mechanism, shall I create a login page on my own? And how do I connect it with the mongoadmin page?
Thank you.

[garrypolley]

Right now we have an open issue for login #40

For now this is what I've done to require login:

#urls.py file

def add_decorator(f):
    @wraps(f)
    @login_required  # This can be any decorator you want to use to protect your view
    def wrapper(*args, **kwargs):
        return f(*args, **kwargs)
    return wrapper


# Put auth around monognaut urls
mongonaut_urls = include('mongonaut.urls')
for url_pattern in mongonaut_urls[0].urlpatterns:
    url_pattern._callback = add_decorator(url_pattern._callback)

This is a bit of a hack to protect all the urls in the app. I've had a separate conversation with someone about how 3rd party apps should protect urls and it's not an easy answer.

[garrypolley]

If you don't have anymore questions I'll close this issue out.

[halcightx]

Thank you for your reply. Go ahead and close it.

[pydanny]

A few points:

1. MongoEngine has no concept of a User model. You can create one yourself but getting that to replace Django's request system requires a bit of middleware. It's not hard to do, but I don't have any sample code for you.
2. The Django book doesn't cover MongoDB and is a whopping 4 years out of date (see the home page warning at http://www.djangobook.com). In the face of modern Django you will be running into a lot of problems using that book as a reference. If you really want to use it instead of the Django tutorial system, I recommend you look at the in-progress update at http://github.com/jacobian/djangobook.com. Trust me, you are going to save yourself a lot of grief.