Use logon not cookie when editing pages

2025-12-17 09:07:19 +00:00 · 2025-01-26 19:04:56 +00:00
parent 7fab42fa9e
commit ce508b0eb2
8 changed files with 67 additions and 206 deletions
--- a/parsers/users.py
+++ b/parsers/users.py
@@ -22,11 +22,11 @@ Passwords are only ever stored as hashes using the standard Django functions.
 todo = """  
 - Not fully tested, needs experience

- Need to write to BierBook for signups
-
 - Need to check/register with lists.wookware.org for email
 """

+SUPER_USERS = ["philip-sargent"] # list of userids who get the same rights as "expoadmin" i.e. the Django control panel
+
 USERS_FILE = "users.json"
 ENCRYPTED_DIR = "encrypted"

@@ -54,8 +54,13 @@ def register_user(u, email, password=None, pwhash=None, fullname=""):
            # user.set_password(None)  # use Django special setting for invalid password, but then FAILS to send password reset email
            user.set_password("secret")  # Why is the Django logic broken. Hmph.
            print(f" # setting INVALID password for user {u}, must be reset by password_reset")
-        user.is_staff = False
-        user.is_superuser = False
+        if u in SUPER_USERS:
+            user.is_staff = True
+            user.is_superuser = True
+            print(f"** {u} is SUPER and can access everything on the Django control panel")
+        else:
+           user.is_staff = False
+           user.is_superuser = False
        user.save()
        print(f" - receated and reset user '{user}'")
    except Exception as e: