54

How do you get your template/view to recognize whether or not a logged in user is a super user or not?

There are certain buttons on my forms (in the template) that I want completely hidden if the user is not a super-user

How would you go about doing that?

JohnnyCash
  • 1,231
  • 6
  • 17
  • 28

3 Answers3

121

Check out is_superuser on the User object:

{% if request.user.is_superuser %}
    ...
    <button>...</button>
    ...
{% else %}
...
{% endif %}

EDIT: after @mustafa-0x comments

The above assumes that you have django.core.context_processors.request included in your TEMPLATE_CONTEXT_PROCESSORS setting which isn't the default.

The default setting for TEMPLATE_CONTEXT_PROCESSORS:

TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.debug',
    'django.core.context_processors.i18n',
    'django.core.context_processors.media',
    'django.core.context_processors.static',
    'django.core.context_processors.tz',
#    'django.core.context_processors.request',
    'django.contrib.messages.context_processors.messages',
)

already includes the django.contrib.auth.context_processors.auth (and notably doesn't include the request context processor) meaning that in most cases you will already have access to {{ user }} without the need to add it to your context via the view, or enable the request context processor to access the user as above via {{ request.user }}

Timmy O'Mahony
  • 53,000
  • 18
  • 155
  • 177
  • doesn't that just check if the user has been authenticated? I need to know if they are a super user – JohnnyCash Apr 08 '12 at 19:27
  • @TimmyO'Mahony the code doesn't work and the link is broken... mind explaining why you rejected the edit? – mustafa.0x Sep 06 '13 at 16:54
  • You changed the meaning. In a template, the `user` object is usually accessible via the `request` - you removed the `request` meaning that the `user` object would need to be added to the view's context which is wasteful when most people will have it on the request anyway. As for the link, you're right, it doesn't work. I've updated it. – Timmy O'Mahony Sep 06 '13 at 17:54
  • @TimmyO'Mahony I don't think you're correct: https://docs.djangoproject.com/en/1.5/topics/auth/default/#users – mustafa.0x Sep 07 '13 at 15:20
  • Yes? What do you want? My example is perfectly valid and I've explained why. The documentation has decided not to use the `request` object that is normally available inherently in the template via context processor and instead make the assumption that you have added the `user` object in the view before rendering the template. I prefer not to make that assumption and use the `request` object. There's no right or wrong so please stop trying to incite an argument – Timmy O'Mahony Sep 13 '13 at 08:42
  • Sorry for trying to incite an argument; I'm just trying to understand this. I've got a vanilla Django-1.5 setup here, and `request.user` is not in the default context, mind checking this on your setup? :-) – mustafa.0x Sep 13 '13 at 10:43
  • Ok, searched a bit more. It seems that [`user` is in the default context](https://docs.djangoproject.com/en/1.5/ref/templates/api/#django-contrib-auth-context-processors-auth), but [`request` isn't](https://docs.djangoproject.com/en/1.5/ref/templates/api/#django-core-context-processors-request). Also see: http://stackoverflow.com/a/10158892/2036971 – mustafa.0x Sep 13 '13 at 10:48
  • Ok sorry, I understand what you are saying now and you are correct. It's not that they are in the default context but that by default the context processor `django.contrib.auth.context_processors.auth` is included in the `TEMPLATE_CONTEXT_PROCESSOR` settings file meaning you *do* have access to the `user` object (as well as `perms` and `messages`) as they are added transparently. I'm used to always including my own `TEMPLATE_CONTEXT_PROCESSOR` instead of using the default `global_settings.py` values that I didn't realise the default settings. Apologies – Timmy O'Mahony Sep 13 '13 at 12:13
  • I've updated the answer with an edit to reflect what you're saying – Timmy O'Mahony Sep 13 '13 at 12:18
21

As discussed in the comments, you can use the User object that is available in templates automatically:

{% if user.is_superuser %}
<div class="alert alert-success" role="alert">
You are logged in as {{user.first_name}}, here are the
<a href="/admin/">admin pages</a> for changing content.
</div>
{% endif %}

You can also use user.is_staff which might be more appropriate.

shuckc
  • 2,766
  • 1
  • 22
  • 17
0

Actually when you try to check on the login html template weather the user is superuser or not you will not be able to do that because at that very instance it will be false you can check it in views.py file that user is super or not and then redirect it where ever you want. you can do some thing like this as you can see in start function

Daud Ahmed
  • 190
  • 1
  • 10
  • Please do not add code as a link to an image. Instead, [edit](https://stackoverflow.com/posts/57338808/edit) your answer and paste the code as formatted text. – Theo Aug 03 '19 at 13:53