What's the difference between staff, admin, superuser in django?
Django has superuser, staff, admin…
superuser and staff are in django.contrib.auth.models.UserManager. Then there is the createsuperuser command of django-admin.
Well, there are admin apps… What's the difference?
I take this from Django Documentation:
One of the most powerful parts of Django is the automatic admin interface. Best thing is that you can customise it easily.
If logged in as a superuser, you have access to create, edit, and delete any object (models).
You can create staff user using staff flag. The “staff” flag controls whether the user is allowed to log in to the admin interface (i.e., whether that user is considered a “staff member” in your organization). Since this same user system can be used to control access to public (i.e., non-admin) sites, this flag differentiates between public users and administrators.
“Normal” admin users – that is, active, non-superuser staff members – are granted admin access through assigned permissions. Each object editable through the admin interface has three permissions: a create permission, an edit permission and a delete permission for all the models you had created.
Django’s admin site uses a permissions system that you can use to give specific users access only to the portions of the interface that they need. When you create a user, that user has no permissions, and it’s up to you to give the user specific permission.
Django only has one user type. It's simply User. Depending on what permissions you give the user they are able to do different things by default:
- Any normal user can be authenticated (that's the whole point of the user, to have a login).
- Any user assigned the staff flag can log in to the contributed admin app. Beyond this, they have no other special privileges.
- They can be set as active or not. Only active users are allowed to log in.
A superuser is just a convenience method to create a user with all permissions. They are just normal users given staff and all permissions by default.
There are also ADMINS and MANAGERS settings.
These are used for notifications when the site is running in production (i.e., when DEBUG is False).
Admins are notified of any errors that generate a traceback. They are emailed the traceback and information about the request. Managers are emailed when someone requests a link that doesn't exist (basically, when a 404 is raised).
A superuser automatically has all permissions (has_perm will return True).
A staff member can log in to the admin pages.
The admin pages are a simple interface to the models that you've configured to show up in it. It only shows the models that the current user has the right permissions for.
So if someone is both superuser and staff, they can log in to the admin site and have full access to all the models that show up in the admin site.