drewbeebe
commented
4 years ago Please close this issue. The problem is that my custom user--when created--defaults to being a "superuser", therefore, any group_required stanza is rendered null anyway. I'm fixing the situation so the users are not "superuser"s.
Hi - I see in the documentation that if I'm using a custom user model, and it's not providing groups as a many-to-many relationship, I'd need to override check_membership.
However, I don't think this is the case for my situation and group_required isn't being used/enforced by my django app.
I have a views file which contains this kind of code: from braces.views import GroupRequiredMixin
class CompanyListView(GroupRequiredMixin, ListView): group_required = [u"owner", u"auditor", u"administrator"]
and my user model looks like this (users are defined in the models file for a 'companies' app for this application: class User(AbstractBaseUser):
I've got 4 groups: owner, auditor, vendor, and administrator. All are able to be selected in the application for a user and I can query for the users' groups and see the user belongs to the various groups.
but if I create a user, assign them to the 'vendor" group, they are STILL able to see the CompanyListView here, which they should not be, according to the group_required stanza.
Can someone point me in the right direction?
Thanks much in advance.