0

I am trying to get multiple sites to use the same database and code but in a way which forces each user to have their own login to each site.

I have seen a few suggestions as to how to make this work but I'm not sure which way to go.

I am using the Sites Framework, using the subdomain to identify the current site so I'm not using SITE_ID at all.

  1. Use the sites framework - This answer (https://stackoverflow.com/a/1405902/1180442) suggests using the sites framework to do it, but I'm having trouble with the get_user() method, as it doesn't have access to the request and that's where my site info is stored.
  2. Use separate databases for users - I'm really not sure about this one but I think it might cause bigger problems down the line.
  3. Change to using SITE_ID - I want to try and avoid this if possible as it will mean having to run many different instances of my app, one for each site, which uses its own settings.py. This will quickly turn into a nightmare, I think.
  4. Permissions - I'm wondering if this should be something that I get the permissions framework to use? So one set of users for all sites but each user can have permissions to see each site, as long as they've registered with that site?

Can anyone help with this?

I quite like the idea of number 1 but I just need to get the request in the get_user() method so I can do this:

```python
def get_user(self, user_id):
    try:
        # I can't do this because there is no request available here
        return User.objects.get(pk=user_id, site=request.site)
    except User.DoesNotExist:
        return None
```

to prevent people logged in to one site being able to log into another using the same session.

bodger
  • Sites framework, might take more initial investment up front but will hopefully help you avoid pitfalls later. – kevswanberg Dec 14 '17 at 16:39
  • By that, do you mean option 3 - add a new server process for each site and add various new settings files to get their SITE_IDs ? – bodger Dec 14 '17 at 16:43
  • Meant to use option 1, but I see I might have misunderstood your question. Where is that get_user function located? – kevswanberg Dec 14 '17 at 16:44
  • OK, great - in that case I just need to know how to get hold of the request in the get_user method - any ideas? – bodger Dec 14 '17 at 16:48
  • Site.objects.get_current() doesn't work? – kevswanberg Dec 14 '17 at 16:51
  • Not if I don't have SITE_ID defined. And I can't define SITE_ID without having a settings.py and a separate server process for each site. – bodger Dec 14 '17 at 16:52
  • Seems like it should grab the site based on the request if there isn't a SITE_ID -- not sure why it is failing but figuring that out should be what you do first. https://docs.djangoproject.com/en/dev/ref/contrib/sites/#module-django.contrib.sites – kevswanberg Dec 14 '17 at 17:05
  • Sadly, it only uses the request if you pass it in - but I can't pass it in because get_user doesn't have access to it. – bodger Dec 14 '17 at 17:13
  • It seems like it should be caching it, maybe you need to make the first call in a middleware somewhere that you do have the request and then it should work in the call https://docs.djangoproject.com/en/dev/ref/contrib/sites/#caching-the-current-site-object – kevswanberg Dec 14 '17 at 18:32
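
One way to bind a login to the site it was made on without needing the request inside get_user(), shown as an added example that is not part of the original thread: record the site in the session at login and check it in a middleware, where the request is available. It assumes `request.site` carries the current site as in the question; the `_bound_site_id` key and all function and class names are hypothetical, and the session and request objects in `demo()` are constructed stand-ins so the block runs without Django.

```python
from types import SimpleNamespace  # only used by the constructed demo below

AUTH_KEY = "_auth_user_id"   # key django.contrib.auth stores the user pk under
SITE_KEY = "_bound_site_id"  # hypothetical key chosen for this example


def bind_session_to_site(sender, request, user, **kwargs):
    """Receiver for django.contrib.auth.signals.user_logged_in:
    remember which site this session was authenticated on."""
    request.session[SITE_KEY] = request.site.id


def session_valid_for_site(session, site_id):
    """Anonymous sessions pass; authenticated ones must match the site."""
    if AUTH_KEY not in session:
        return True
    return session.get(SITE_KEY) == site_id


class SiteBoundSessionMiddleware:
    """List after SessionMiddleware and whatever sets request.site, but
    before AuthenticationMiddleware, so request.user is resolved from
    the already-checked session."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if not session_valid_for_site(request.session, request.site.id):
            request.session.flush()  # fail closed: drop the foreign login
        return self.get_response(request)


class FakeSession(dict):
    """Constructed stand-in for Django's session object (dict + flush)."""
    def flush(self):
        self.clear()


def demo():
    """Constructed requests: log in on site 1, replay the session on site 2."""
    seen = []
    mw = SiteBoundSessionMiddleware(lambda req: seen.append(AUTH_KEY in req.session))
    session = FakeSession({AUTH_KEY: "42"})
    login_req = SimpleNamespace(session=session, site=SimpleNamespace(id=1))
    bind_session_to_site(None, login_req, user=None)
    mw(login_req)                                                     # same site
    mw(SimpleNamespace(session=session, site=SimpleNamespace(id=2)))  # other site
    return seen  # whether the view saw an authenticated session each time
```

In a real project the receiver is attached with `user_logged_in.connect(bind_session_to_site)`. A session that carries a login but no site binding is rejected as well, so sessions created before the check was deployed are logged out rather than trusted.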

1 Answer

0

How I actually do it, not for users but for common databases, is to design a main, hidden app with a REST API architecture. My other apps naturally have their own DB and exchange their data via batch or stream process depending on the need. I use django-rest-framework.

For your case what I would do is that whenever a user makes a Log In request I would send it via HTTPS to my main database and get it authenticated in my main app. Whenever I would need to validate the user status I would simply make a get request to the main app.

This architecture is not that different from the one that many mobile apps have.

I hope it helps.

Santiago M. Quintero