Django Tutorial Part 8: User authentication and permissions - Learn web development | MDN

<!doctype html><html lang="en-US" prefix="og: https://ogp.me/ns#"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="https://developer.mozilla.org/favicon-48x48.bc390275e955dacb2e65.png"/><link rel="apple-touch-icon" href="https://developer.mozilla.org/apple-touch-icon.528534bba673c38049c2.png"/><meta name="theme-color" content="#ffffff"/><link rel="manifest" href="https://developer.mozilla.org/manifest.f42880861b394dd4dc9b.json"/><link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="MDN Web Docs"/><title>Django Tutorial Part 8: User authentication and permissions - Learn web development | MDN</title><link rel="alternate" title="Django-Tutorial Teil 8: Benutzer-Authentifizierung und Berechtigungen" href="https://developer.mozilla.org/de/docs/Learn/Server-side/Django/Authentication" hrefLang="de"/><link rel="alternate" title="Tutorial de Django Parte 8: Autenticación y permisos de Usuario" href="https://developer.mozilla.org/es/docs/Learn/Server-side/Django/Authentication" hrefLang="es"/><link rel="alternate" title="Tutorial Django Parte 8: Autenticação de usuário e permissões" href="https://developer.mozilla.org/pt-BR/docs/Learn/Server-side/Django/Authentication" hrefLang="pt"/><link rel="alternate" title="Руководство Django Часть 8: Аутентификация и авторизация пользователя" href="https://developer.mozilla.org/ru/docs/Learn/Server-side/Django/Authentication" hrefLang="ru"/><link rel="alternate" title="Django 教程 8:用户授权与许可" href="https://developer.mozilla.org/zh-CN/docs/Learn/Server-side/Django/Authentication" hrefLang="zh"/><link rel="alternate" title="Django Tutorial Part 8: User authentication and permissions" href="https://developer.mozilla.org/zh-TW/docs/Learn/Server-side/Django/Authentication" hrefLang="zh-Hant"/><link rel="alternate" title="Django Tutorial Part 8: User authentication and permissions" 
href="https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Authentication" hrefLang="en"/><link rel="preload" as="font" type="font/woff2" href="/static/media/Inter.var.c2fe3cb2b7c746f7966a.woff2" crossorigin=""/><link rel="alternate" type="application/rss+xml" title="MDN Blog RSS Feed" href="https://developer.mozilla.org/en-US/blog/rss.xml" hrefLang="en"/><meta name="description" content="Excellent work — you&#x27;ve now created a website where library members can log in and view their own content, and where librarians (with the correct permission) can view all loaned books and their borrowers. At the moment we&#x27;re still just viewing content, but the same principles and techniques are used when you want to start modifying and adding data."/><meta property="og:url" content="https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Authentication"/><meta property="og:title" content="Django Tutorial Part 8: User authentication and permissions - Learn web development | MDN"/><meta property="og:type" content="website"/><meta property="og:locale" content="en_US"/><meta property="og:description" content="Excellent work — you&#x27;ve now created a website where library members can log in and view their own content, and where librarians (with the correct permission) can view all loaned books and their borrowers. 
At the moment we&#x27;re still just viewing content, but the same principles and techniques are used when you want to start modifying and adding data."/><meta property="og:image" content="https://developer.mozilla.org/mdn-social-share.d893525a4fb5fb1f67a2.png"/><meta property="og:image:type" content="image/png"/><meta property="og:image:height" content="1080"/><meta property="og:image:width" content="1920"/><meta property="og:image:alt" content="The MDN Web Docs logo, featuring a blue accent color, displayed on a solid black background."/><meta property="og:site_name" content="MDN Web Docs"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:creator" content="MozDevNet"/><link rel="canonical" href="https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Authentication"/><style media="print">.article-actions-container,.document-toc-container,.language-menu,.main-menu-toggle,.on-github,.page-footer,.place,.sidebar,.top-banner,.top-navigation-main,ul.prev-next{display:none!important}.main-page-content,.main-page-content pre{padding:2px}.main-page-content pre{border-left-width:2px}</style><script src="/static/js/gtag.js" defer=""></script><script defer="" src="/static/js/main.1b60bff1.js"></script><link href="/static/css/main.959b5ea9.css" rel="stylesheet"/></head><body><script>if(document.body.addEventListener("load",(t=>{t.target.classList.contains("interactive")&&t.target.setAttribute("data-readystate","complete")}),{capture:!0}),window&&document.documentElement){const t={light:"#ffffff",dark:"#1b1b1b"};try{const e=window.localStorage.getItem("theme");e&&(document.documentElement.className=e,document.documentElement.style.backgroundColor=t[e]);const o=window.localStorage.getItem("nop");o&&(document.documentElement.dataset.nop=o)}catch(t){console.warn("Unable to read theme from localStorage",t)}}</script><div id="root"><ul id="nav-access" class="a11y-nav"><li><a id="skip-main" href="#content">Skip to main content</a></li><li><a 
id="skip-search" href="#top-nav-search-input">Skip to search</a></li><li><a id="skip-select-language" href="#languages-switcher-button">Skip to select language</a></li></ul><div class="page-wrapper category-learn document-page"><div class="top-banner loading"><section class="place top container"></section></div><div class="sticky-header-container"><header class="top-navigation "><div class="container "><div class="top-navigation-wrap"><a href="/en-US/" class="logo" aria-label="MDN homepage"><svg id="mdn-docs-logo" xmlns="http://www.w3.org/2000/svg" x="0" y="0" viewBox="0 0 694.9 104.4" style="enable-background:new 0 0 694.9 104.4" xml:space="preserve" role="img"><title>MDN Web Docs</title><path d="M40.3 0 11.7 92.1H0L28.5 0h11.8zm10.4 0v92.1H40.3V0h10.4zM91 0 62.5 92.1H50.8L79.3 0H91zm10.4 0v92.1H91V0h10.4z" class="logo-m"></path><path d="M627.9 95.6h67v8.8h-67v-8.8z" class="logo-_"></path><path d="M367 42h-4l-10.7 30.8h-5.5l-10.8-26h-.4l-10.5 26h-5.2L308.7 42h-3.8v-5.6H323V42h-6.5l6.8 20.4h.4l10.3-26h4.7l11.2 26h.5l5.7-20.3h-6.2v-5.6H367V42zm34.9 20c-.4 3.2-2 5.9-4.7 8.2-2.8 2.3-6.5 3.4-11.3 3.4-5.4 0-9.7-1.6-13.1-4.7-3.3-3.2-5-7.7-5-13.7 0-5.7 1.6-10.3 4.7-14s7.4-5.5 12.9-5.5c5.1 0 9.1 1.6 11.9 4.7s4.3 6.9 4.3 11.3c0 1.5-.2 3-.5 4.7h-25.6c.3 7.7 4 11.6 10.9 11.6 2.9 0 5.1-.7 6.5-2 1.5-1.4 2.5-3 3-4.9l6 .9zM394 51.3c.2-2.4-.4-4.7-1.8-6.9s-3.8-3.3-7-3.3c-3.1 0-5.3 1-6.9 3-1.5 2-2.5 4.4-2.8 7.2H394zm51 2.4c0 5-1.3 9.5-4 13.7s-6.9 6.2-12.7 6.2c-6 0-10.3-2.2-12.7-6.7-.1.4-.2 1.4-.4 2.9s-.3 2.5-.4 2.9h-7.3c.3-1.7.6-3.5.8-5.3.3-1.8.4-3.7.4-5.5V22.3h-6v-5.6H416v27c1.1-2.2 2.7-4.1 4.7-5.7 2-1.6 4.8-2.4 8.4-2.4 4.6 0 8.4 1.6 11.4 4.7 3 3.2 4.5 7.6 4.5 13.4zm-7.7.6c0-4.2-1-7.4-3-9.5-2-2.2-4.4-3.3-7.4-3.3-3.4 0-6 1.2-8 3.7-1.9 2.4-2.9 5-3 7.7V57c0 3 1 5.6 3 7.7s4.5 3.1 7.6 3.1c3.6 0 6.3-1.3 8.1-3.9 1.8-2.7 2.7-5.9 2.7-9.6zm69.2 18.5h-13.2v-7.2c-1.2 2.2-2.8 4.1-4.9 5.6-2.1 1.6-4.8 2.4-8.3 2.4-4.8 0-8.7-1.6-11.6-4.9-2.9-3.2-4.3-7.7-4.3-13.3 0-5 1.3-9.6 4-13.7 2.6-4.1 6.9-6.2 
12.8-6.2 5.7 0 9.8 2.2 12.3 6.5V22.3h-8.6v-5.6h15.8v50.6h6v5.5zM493.2 56v-4.4c-.1-3-1.2-5.5-3.2-7.3s-4.4-2.8-7.2-2.8c-3.6 0-6.3 1.3-8.2 3.9-1.9 2.6-2.8 5.8-2.8 9.6 0 4.1 1 7.3 3 9.5s4.5 3.3 7.4 3.3c3.2 0 5.8-1.3 7.8-3.8 2.1-2.6 3.1-5.3 3.2-8zm53.1-1.4c0 5.6-1.8 10.2-5.3 13.7s-8.2 5.3-13.9 5.3-10.1-1.7-13.4-5.1c-3.3-3.4-5-7.9-5-13.5 0-5.3 1.6-9.9 4.7-13.7 3.2-3.8 7.9-5.7 14.2-5.7s11 1.9 14.1 5.7c3 3.7 4.6 8.1 4.6 13.3zm-7.7-.2c0-4-1-7.2-3-9.5s-4.8-3.5-8.2-3.5c-3.6 0-6.4 1.2-8.3 3.7s-2.9 5.6-2.9 9.5c0 3.7.9 6.8 2.8 9.4 1.9 2.6 4.6 3.9 8.3 3.9 3.6 0 6.4-1.3 8.4-3.8 1.9-2.6 2.9-5.8 2.9-9.7zm45 5.8c-.4 3.2-1.9 6.3-4.4 9.1-2.5 2.9-6.4 4.3-11.8 4.3-5.2 0-9.4-1.6-12.6-4.8-3.2-3.2-4.8-7.7-4.8-13.7 0-5.5 1.6-10.1 4.7-13.9 3.2-3.8 7.6-5.7 13.2-5.7 2.3 0 4.6.3 6.7.8 2.2.5 4.2 1.5 6.2 2.9l1.5 9.5-5.9.7-1.3-6.1c-2.1-1.2-4.5-1.8-7.2-1.8-3.5 0-6.1 1.2-7.7 3.7-1.7 2.5-2.5 5.7-2.5 9.6 0 4.1.9 7.3 2.7 9.5 1.8 2.3 4.4 3.4 7.8 3.4 5.2 0 8.2-2.9 9.2-8.8l6.2 1.3zm34.7 1.9c0 3.6-1.5 6.5-4.6 8.5s-7 3-11.7 3c-5.7 0-10.6-1.2-14.6-3.6l1.2-8.8 5.7.6-.2 4.7c1.1.5 2.3.9 3.6 1.1s2.6.3 3.9.3c2.4 0 4.5-.4 6.5-1.3 1.9-.9 2.9-2.2 2.9-4.1 0-1.8-.8-3.1-2.3-3.8s-3.5-1.3-5.8-1.7-4.6-.9-6.9-1.4c-2.3-.6-4.2-1.6-5.7-2.9-1.6-1.4-2.3-3.5-2.3-6.3 0-4.1 1.5-6.9 4.6-8.5s6.4-2.4 9.9-2.4c2.6 0 5 .3 7.2.9 2.2.6 4.3 1.4 6.1 2.4l.8 8.8-5.8.7-.8-5.7c-2.3-1-4.7-1.6-7.2-1.6-2.1 0-3.7.4-5.1 1.1-1.3.8-2 2-2 3.8 0 1.7.8 2.9 2.3 3.6 1.5.7 3.4 1.2 5.7 1.6 2.2.4 4.5.8 6.7 1.4 2.2.6 4.1 1.6 5.7 3 1.4 1.6 2.2 3.7 2.2 6.6zM197.6 73.2h-17.1v-5.5h3.8V51.9c0-3.7-.7-6.3-2.1-7.9-1.4-1.6-3.3-2.3-5.7-2.3-3.2 0-5.6 1.1-7.2 3.4s-2.4 4.6-2.5 6.9v15.6h6v5.5h-17.1v-5.5h3.8V51.9c0-3.8-.7-6.4-2.1-7.9-1.4-1.5-3.3-2.3-5.6-2.3-3.2 0-5.5 1.1-7.2 3.3-1.6 2.2-2.4 4.5-2.5 6.9v15.8h6.9v5.5h-20.2v-5.5h6V42.4h-6.1v-5.6h13.4v6.4c1.2-2.1 2.7-3.8 4.7-5.2 2-1.3 4.4-2 7.3-2s5.3.7 7.5 2.1c2.2 1.4 3.7 3.5 4.5 6.4 1.1-2.5 2.7-4.5 4.9-6.1s4.8-2.4 7.9-2.4c3.5 0 6.5 1.1 8.9 3.3s3.7 5.6 3.7 10.2v18.2h6.1v5.5zm42.5 0h-13.2V66c-1.2 2.2-2.8 4.1-4.9 5.6-2.1 1.6-4.8 
2.4-8.3 2.4-4.8 0-8.7-1.6-11.6-4.9-2.9-3.2-4.3-7.7-4.3-13.3 0-5 1.3-9.6 4-13.7 2.6-4.1 6.9-6.2 12.8-6.2s9.8 2.2 12.3 6.5V22.7h-8.6v-5.6h15.8v50.6h6v5.5zm-13.3-16.8V52c-.1-3-1.2-5.5-3.2-7.3s-4.4-2.8-7.2-2.8c-3.6 0-6.3 1.3-8.2 3.9-1.9 2.6-2.8 5.8-2.8 9.6 0 4.1 1 7.3 3 9.5s4.5 3.3 7.4 3.3c3.2 0 5.8-1.3 7.8-3.8 2.1-2.6 3.1-5.3 3.2-8zm61.5 16.8H269v-5.5h6V51.9c0-3.7-.7-6.3-2.2-7.9-1.4-1.6-3.4-2.3-5.7-2.3-3.1 0-5.6 1-7.4 3s-2.8 4.4-2.9 7v15.9h6v5.5h-19.3v-5.5h6V42.4h-6.2v-5.6h13.6V43c2.6-4.6 6.8-6.9 12.7-6.9 3.6 0 6.7 1.1 9.2 3.3s3.7 5.6 3.7 10.2v18.2h6v5.4h-.2z" class="logo-text"></path></svg></a><button title="Open main menu" type="button" class="button action has-icon main-menu-toggle" aria-haspopup="menu" aria-label="Open main menu" aria-expanded="false"><span class="button-wrap"><span class="icon icon-menu "></span><span class="visually-hidden">Open main menu</span></span></button></div><div class="top-navigation-main"><nav class="main-nav" aria-label="Main menu"><ul class="main-menu nojs"><li class="top-level-entry-container "><button type="button" id="references-button" class="top-level-entry menu-toggle" aria-controls="references-menu" aria-expanded="false">References</button><a href="/en-US/docs/Web" class="top-level-entry">References</a><ul id="references-menu" class="submenu references hidden inline-submenu-lg" aria-labelledby="references-button"><li class="apis-link-container mobile-only "><a href="/en-US/docs/Web" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview / Web Technology</div><p class="submenu-item-description">Web technology reference for developers</p></div></a></li><li class="html-link-container "><a href="/en-US/docs/Web/HTML" class="submenu-item "><div class="submenu-icon html"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTML</div><p class="submenu-item-description">Structure of content on the web</p></div></a></li><li 
class="css-link-container "><a href="/en-US/docs/Web/CSS" class="submenu-item "><div class="submenu-icon css"></div><div class="submenu-content-container"><div class="submenu-item-heading">CSS</div><p class="submenu-item-description">Code used to describe document style</p></div></a></li><li class="javascript-link-container "><a href="/en-US/docs/Web/JavaScript" class="submenu-item "><div class="submenu-icon javascript"></div><div class="submenu-content-container"><div class="submenu-item-heading">JavaScript</div><p class="submenu-item-description">General-purpose scripting language</p></div></a></li><li class="http-link-container "><a href="/en-US/docs/Web/HTTP" class="submenu-item "><div class="submenu-icon http"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTTP</div><p class="submenu-item-description">Protocol for transmitting web resources</p></div></a></li><li class="apis-link-container "><a href="/en-US/docs/Web/API" class="submenu-item "><div class="submenu-icon apis"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web APIs</div><p class="submenu-item-description">Interfaces for building web applications</p></div></a></li><li class="apis-link-container "><a href="/en-US/docs/Mozilla/Add-ons/WebExtensions" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web Extensions</div><p class="submenu-item-description">Developing extensions for web browsers</p></div></a></li><li class="apis-link-container desktop-only "><a href="/en-US/docs/Web" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web Technology</div><p class="submenu-item-description">Web technology reference for developers</p></div></a></li></ul></li><li class="top-level-entry-container active"><button type="button" id="guides-button" class="top-level-entry menu-toggle" 
aria-controls="guides-menu" aria-expanded="false">Guides</button><a href="/en-US/docs/Learn" class="top-level-entry">Guides</a><ul id="guides-menu" class="submenu guides hidden inline-submenu-lg" aria-labelledby="guides-button"><li class="apis-link-container mobile-only "><a href="/en-US/docs/Learn" class="submenu-item "><div class="submenu-icon learn"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview / MDN Learning Area</div><p class="submenu-item-description">Learn web development</p></div></a></li><li class="apis-link-container desktop-only "><a href="/en-US/docs/Learn" class="submenu-item "><div class="submenu-icon learn"></div><div class="submenu-content-container"><div class="submenu-item-heading">MDN Learning Area</div><p class="submenu-item-description">Learn web development</p></div></a></li><li class="html-link-container "><a href="/en-US/docs/Learn/HTML" class="submenu-item "><div class="submenu-icon html"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTML</div><p class="submenu-item-description">Learn to structure web content with HTML</p></div></a></li><li class="css-link-container "><a href="/en-US/docs/Learn/CSS" class="submenu-item "><div class="submenu-icon css"></div><div class="submenu-content-container"><div class="submenu-item-heading">CSS</div><p class="submenu-item-description">Learn to style content using CSS</p></div></a></li><li class="javascript-link-container "><a href="/en-US/docs/Learn/JavaScript" class="submenu-item "><div class="submenu-icon javascript"></div><div class="submenu-content-container"><div class="submenu-item-heading">JavaScript</div><p class="submenu-item-description">Learn to run scripts in the browser</p></div></a></li><li class=" "><a href="/en-US/docs/Web/Accessibility" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Accessibility</div><p 
class="submenu-item-description">Learn to make the web accessible to all</p></div></a></li></ul></li><li class="top-level-entry-container "><button type="button" id="mdn-plus-button" class="top-level-entry menu-toggle" aria-controls="mdn-plus-menu" aria-expanded="false">Plus</button><a href="/en-US/plus" class="top-level-entry">Plus</a><ul id="mdn-plus-menu" class="submenu mdn-plus hidden inline-submenu-lg" aria-labelledby="mdn-plus-button"><li class=" "><a href="/en-US/plus" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview</div><p class="submenu-item-description">A customized MDN experience</p></div></a></li><li class=" "><a href="/en-US/plus/ai-help" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">AI Help</div><p class="submenu-item-description">Get real-time assistance and support</p></div></a></li><li class=" "><a href="/en-US/plus/updates" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Updates</div><p class="submenu-item-description">All browser compatibility updates at a glance</p></div></a></li><li class=" "><a href="/en-US/plus/docs/features/overview" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Documentation</div><p class="submenu-item-description">Learn how to use MDN Plus</p></div></a></li><li class=" "><a href="/en-US/plus/docs/faq" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">FAQ</div><p class="submenu-item-description">Frequently asked questions about MDN Plus</p></div></a></li></ul></li><li class="top-level-entry-container "><a class="top-level-entry menu-link" href="/en-US/curriculum/">Curriculum <sup class="new">New</sup></a></li><li 
class="top-level-entry-container "><a class="top-level-entry menu-link" href="/en-US/blog/">Blog</a></li><li class="top-level-entry-container "><button type="button" id="tools-button" class="top-level-entry menu-toggle" aria-controls="tools-menu" aria-expanded="false">Tools</button><ul id="tools-menu" class="submenu tools hidden inline-submenu-lg" aria-labelledby="tools-button"><li class=" "><a href="/en-US/play" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Playground</div><p class="submenu-item-description">Write, test and share your code</p></div></a></li><li class=" "><a href="/en-US/observatory" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTTP Observatory</div><p class="submenu-item-description">Scan a website for free</p></div></a></li><li class=" "><a href="/en-US/plus/ai-help" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">AI Help</div><p class="submenu-item-description">Get real-time assistance and support</p></div></a></li></ul></li></ul></nav><div class="header-search"><form action="/en-US/search" class="search-form search-widget" id="top-nav-search-form" role="search"><label id="top-nav-search-label" for="top-nav-search-input" class="visually-hidden">Search MDN</label><input aria-activedescendant="" aria-autocomplete="list" aria-controls="top-nav-search-menu" aria-expanded="false" aria-labelledby="top-nav-search-label" autoComplete="off" id="top-nav-search-input" role="combobox" type="search" class="search-input-field" name="q" placeholder="   " required="" value=""/><button type="button" class="button action has-icon clear-search-button"><span class="button-wrap"><span class="icon icon-cancel "></span><span class="visually-hidden">Clear search input</span></span></button><button type="submit" class="button action 
has-icon search-button"><span class="button-wrap"><span class="icon icon-search "></span><span class="visually-hidden">Search</span></span></button><div id="top-nav-search-menu" role="listbox" aria-labelledby="top-nav-search-label"></div></form></div><div class="theme-switcher-menu"><button type="button" class="button action has-icon theme-switcher-menu small" aria-haspopup="menu"><span class="button-wrap"><span class="icon icon-theme-os-default "></span>Theme</span></button></div><ul class="auth-container"><li><a href="/users/fxa/login/authenticate/?next=%2Fen-US%2Fdocs%2FLearn%2FServer-side%2FDjango%2FAuthentication" class="login-link" rel="nofollow">Log in</a></li><li><a href="/users/fxa/login/authenticate/?next=%2Fen-US%2Fdocs%2FLearn%2FServer-side%2FDjango%2FAuthentication" target="_self" rel="nofollow" class="button primary mdn-plus-subscribe-link"><span class="button-wrap">Sign up for free</span></a></li></ul></div></div></header><div class="article-actions-container"><div class="container"><button type="button" class="button action has-icon sidebar-button" aria-label="Expand sidebar" aria-expanded="false" aria-controls="sidebar-quicklinks"><span class="button-wrap"><span class="icon icon-sidebar "></span></span></button><nav class="breadcrumbs-container" aria-label="Breadcrumb"><ol typeof="BreadcrumbList" vocab="https://schema.org/" aria-label="breadcrumbs"><li property="itemListElement" typeof="ListItem"><a href="/en-US/docs/Learn" class="breadcrumb" property="item" typeof="WebPage"><span property="name">Guides</span></a><meta property="position" content="1"/></li><li property="itemListElement" typeof="ListItem"><a href="/en-US/docs/Learn/Server-side" class="breadcrumb" property="item" typeof="WebPage"><span property="name">Server-side website programming</span></a><meta property="position" content="2"/></li><li property="itemListElement" typeof="ListItem"><a href="/en-US/docs/Learn/Server-side/Django" class="breadcrumb" property="item" 
typeof="WebPage"><span property="name">Django Web Framework (Python)</span></a><meta property="position" content="3"/></li><li property="itemListElement" typeof="ListItem"><a href="/en-US/docs/Learn/Server-side/Django/Authentication" class="breadcrumb-current-page" property="item" typeof="WebPage"><span property="name">Django Tutorial Part 8: User authentication and permissions</span></a><meta property="position" content="4"/></li></ol></nav><div class="article-actions"><button type="button" class="button action has-icon article-actions-toggle" aria-label="Article actions"><span class="button-wrap"><span class="icon icon-ellipses "></span><span class="article-actions-dialog-heading">Article Actions</span></span></button><ul class="article-actions-entries"><li class="article-actions-entry"><div class="languages-switcher-menu open-on-focus-within"><button id="languages-switcher-button" type="button" class="button action small has-icon languages-switcher-menu" aria-haspopup="menu"><span class="button-wrap"><span class="icon icon-language "></span>English (US)</span></button><div class="hidden"><ul class="submenu language-menu " aria-labelledby="language-menu-button"><li class=" "><form class="submenu-item locale-redirect-setting"><div class="group"><label class="switch"><input type="checkbox" name="locale-redirect"/><span class="slider"></span><span class="label">Remember language</span></label><a href="https://github.com/orgs/mdn/discussions/739" rel="external noopener noreferrer" target="_blank" title="Enable this setting to automatically switch to this language when it&#x27;s available. 
(Click to learn more.)"><span class="icon icon-question-mark "></span></a></div></form></li><li class=" "><a data-locale="de" href="/de/docs/Learn/Server-side/Django/Authentication" class="button submenu-item"><span>Deutsch</span><span title="Diese Übersetzung ist Teil eines Experiments."><span class="icon icon-experimental "></span></span></a></li><li class=" "><a data-locale="es" href="/es/docs/Learn/Server-side/Django/Authentication" class="button submenu-item"><span>Español</span></a></li><li class=" "><a data-locale="pt-BR" href="/pt-BR/docs/Learn/Server-side/Django/Authentication" class="button submenu-item"><span>Português (do Brasil)</span></a></li><li class=" "><a data-locale="ru" href="/ru/docs/Learn/Server-side/Django/Authentication" class="button submenu-item"><span>Русский</span></a></li><li class=" "><a data-locale="zh-CN" href="/zh-CN/docs/Learn/Server-side/Django/Authentication" class="button submenu-item"><span>中文 (简体)</span></a></li><li class=" "><a data-locale="zh-TW" href="/zh-TW/docs/Learn/Server-side/Django/Authentication" class="button submenu-item"><span>正體中文 (繁體)</span></a></li></ul></div></div></li></ul></div></div></div></div><div class="main-wrapper"><div class="sidebar-container"><aside id="sidebar-quicklinks" class="sidebar" data-macro="LearnSidebar"><button type="button" class="button action backdrop" aria-label="Collapse sidebar"><span class="button-wrap"></span></button><nav aria-label="Related Topics" class="sidebar-inner"><header class="sidebar-actions"><section class="sidebar-filter-container"><div class="sidebar-filter "><label id="sidebar-filter-label" class="sidebar-filter-label" for="sidebar-filter-input"><span class="icon icon-filter"></span><span class="visually-hidden">Filter sidebar</span></label><input id="sidebar-filter-input" autoComplete="off" class="sidebar-filter-input-field false" type="text" placeholder="Filter" value=""/><button type="button" class="button action has-icon clear-sidebar-filter-button"><span 
class="button-wrap"><span class="icon icon-cancel "></span><span class="visually-hidden">Clear filter input</span></span></button></div></section></header><div class="sidebar-inner-nav"><div class="in-nav-toc"><div class="document-toc-container"><section class="document-toc"><header><h2 class="document-toc-heading">In this article</h2></header><ul class="document-toc-list"><li class="document-toc-item "><a class="document-toc-link" href="#overview">Overview</a></li><li class="document-toc-item "><a class="document-toc-link" href="#enabling_authentication">Enabling authentication</a></li><li class="document-toc-item "><a class="document-toc-link" href="#creating_users_and_groups">Creating users and groups</a></li><li class="document-toc-item "><a class="document-toc-link" href="#setting_up_your_authentication_views">Setting up your authentication views</a></li><li class="document-toc-item "><a class="document-toc-link" href="#testing_against_authenticated_users">Testing against authenticated users</a></li><li class="document-toc-item "><a class="document-toc-link" href="#example_—_listing_the_current_users_books">Example — listing the current user's books</a></li><li class="document-toc-item "><a class="document-toc-link" href="#permissions">Permissions</a></li><li class="document-toc-item "><a class="document-toc-link" href="#challenge_yourself">Challenge yourself</a></li><li class="document-toc-item "><a class="document-toc-link" href="#summary">Summary</a></li><li class="document-toc-item "><a class="document-toc-link" href="#see_also">See also</a></li></ul></section></div></div><div class="sidebar-body"><ol><li class="section"><a href="/en-US/docs/Learn/Getting_started_with_the_web">Complete beginners start here!</a></li><li><details><summary>Getting started with the web</summary><ol><li><a href="/en-US/docs/Learn/Getting_started_with_the_web">Getting started with the web</a></li><li><a 
href="/en-US/docs/Learn/Getting_started_with_the_web/Installing_basic_software">Installing basic software</a></li><li><a href="/en-US/docs/Learn/Getting_started_with_the_web/What_will_your_website_look_like">What will your website look like?</a></li><li><a href="/en-US/docs/Learn/Getting_started_with_the_web/Dealing_with_files">Dealing with files</a></li><li><a href="/en-US/docs/Learn/Getting_started_with_the_web/HTML_basics">HTML basics</a></li><li><a href="/en-US/docs/Learn/Getting_started_with_the_web/CSS_basics">CSS basics</a></li><li><a href="/en-US/docs/Learn/Getting_started_with_the_web/JavaScript_basics">JavaScript basics</a></li><li><a href="/en-US/docs/Learn/Getting_started_with_the_web/Publishing_your_website">Publishing your website</a></li><li><a href="/en-US/docs/Learn/Getting_started_with_the_web/How_the_Web_works">How the web works</a></li></ol></details></li><li class="section"><a href="/en-US/docs/Learn/HTML">HTML — Structuring the web</a></li><li><details><summary>Introduction to HTML</summary><ol><li><a href="/en-US/docs/Learn/HTML/Introduction_to_HTML">Introduction to HTML</a></li><li><a href="/en-US/docs/Learn/HTML/Introduction_to_HTML/Getting_started">Getting started with HTML</a></li><li><a href="/en-US/docs/Learn/HTML/Introduction_to_HTML/The_head_metadata_in_HTML">What's in the head? 
Metadata in HTML</a></li></ol></details></li></ol></div></div></nav></aside></div><main id="content" class="main-content "><article class="main-page-content" lang="en-US"><header><h1>Django Tutorial Part 8: User authentication and permissions</h1></header><div class="section-content"> <p>In this tutorial, we'll show you how to allow users to log in to your site with their own accounts, and how to control what they can do and see based on whether or not they are logged in and their <em>permissions</em>. 
As part of this demonstration, we'll extend the <a href="/en-US/docs/Learn/Server-side/Django/Tutorial_local_library_website">LocalLibrary</a> website, adding login and logout pages, and user- and staff-specific pages for viewing books that have been borrowed.</p> <figure class="table-container"><table> <tbody> <tr> <th scope="row">Prerequisites:</th> <td>Complete all previous tutorial topics, up to and including <a href="/en-US/docs/Learn/Server-side/Django/Sessions">Django Tutorial Part 7: Sessions framework</a>.</td> </tr> <tr> <th scope="row">Objective:</th> <td>To understand how to set up and use user authentication and permissions.</td> </tr> </tbody> </table></figure></div><section aria-labelledby="overview"><h2 id="overview"><a href="#overview">Overview</a></h2><div class="section-content"><p>Django provides an authentication and authorization ("permission") system, built on top of the session framework discussed in the <a href="/en-US/docs/Learn/Server-side/Django/Sessions">previous tutorial</a>, that allows you to verify user credentials and define what actions each user is allowed to perform. The framework includes built-in models for <code>Users</code> and <code>Groups</code> (a generic way of applying permissions to more than one user at a time), permissions/flags that designate whether a user may perform a task, forms and views for logging in users, and view tools for restricting content.</p> <div class="notecard note"> <p><strong>Note:</strong> According to Django, the authentication system aims to be very generic, and so does not provide some features found in other web authentication systems. Solutions for some common problems, such as <a href="/en-US/docs/Glossary/Throttle">throttling</a> of login attempts and authentication against third parties (e.g. OAuth), are available as third-party packages.</p> </div> <p>In this tutorial, we'll show you how to enable user authentication in the <a href="/en-US/docs/Learn/Server-side/Django/Tutorial_local_library_website">LocalLibrary</a> website, create your own login and logout pages, add permissions to your models, and control access to pages. We'll use the authentication/permissions to display lists of books that have been borrowed for both users and librarians.</p> <p>The authentication system is very flexible, and you can build up your URLs, forms, views, and templates from scratch if you like, just calling the provided API to log in the user. However, in this article, we're going to use Django's "stock" authentication views and forms for our login and logout pages. We'll still need to create some templates, but that's pretty easy.</p> <p>We'll also show you how to create permissions, and check on login status and permissions in both views and templates.</p></div></section><section aria-labelledby="enabling_authentication"><h2 id="enabling_authentication"><a href="#enabling_authentication">Enabling authentication</a></h2><div class="section-content"><p>Authentication was enabled automatically when we <a href="/en-US/docs/Learn/Server-side/Django/skeleton_website">created the skeleton website</a> (in tutorial 2), so you don't need to do anything more at this point.</p> <div class="notecard note"> <p><strong>Note:</strong> The necessary configuration was all done for us when we created the app using the <code>django-admin startproject</code> command. 
The database tables for users and model permissions were created when we first called <code>python manage.py migrate</code>.</p> </div> <p>The configuration is set up in the <code>INSTALLED_APPS</code> and <code>MIDDLEWARE</code> sections of the project file (<strong>django-locallibrary-tutorial/locallibrary/settings.py</strong>), as shown below:</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>INSTALLED_APPS = [
    # …
    'django.contrib.auth',  # Core authentication framework and its default models.
    'django.contrib.contenttypes',  # Django content type system (allows permissions to be associated with models).
    # …

MIDDLEWARE = [
    # …
    'django.contrib.sessions.middleware.SessionMiddleware',  # Manages sessions across requests
    # …
    'django.contrib.auth.middleware.AuthenticationMiddleware',  # Associates users with requests using sessions.
    # …
</code></pre></div></div></section><section aria-labelledby="creating_users_and_groups"><h2 id="creating_users_and_groups"><a href="#creating_users_and_groups">Creating users and groups</a></h2><div class="section-content"><p> You already created your first user when we looked at the <a href="/en-US/docs/Learn/Server-side/Django/Admin_site">Django admin site</a> in tutorial 4 (this was a superuser, created with the command <code>python manage.py createsuperuser</code>). Our superuser is already authenticated and has all permissions, so we'll need to create a test user to represent a normal site user. We'll be using the admin site to create our <em>locallibrary</em> groups and website logins, as it is one of the quickest ways to do so. </p> <div class="notecard note"> <p> <strong>Note:</strong> You can also create users programmatically as shown below. You would have to do this, for example, if developing an interface to allow "ordinary" users to create their own logins (you shouldn't give most users access to the admin site).
</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from django.contrib.auth.models import User

# Create user and save to the database
user = User.objects.create_user('myusername', 'myemail@crazymail.com', 'mypassword')

# Update fields and then save again
user.first_name = 'Tyrone'
user.last_name = 'Citizen'
user.save()
</code></pre></div> <p> Note however that it is highly recommended to set up a <em>custom user model</em> when starting a project, as you'll be able to easily customize it in the future if the need arises. If using a custom user model the code to create the same user would look like this: </p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code># Get current user model from settings
from django.contrib.auth import get_user_model
User = get_user_model()

# Create user from model and save to the database
user = User.objects.create_user('myusername', 'myemail@crazymail.com', 'mypassword')

# Update fields and then save again
user.first_name = 'Tyrone'
user.last_name = 'Citizen'
user.save()
</code></pre></div> <p>For more information, see <a href="https://docs.djangoproject.com/en/5.0/topics/auth/customizing/#using-a-custom-user-model-when-starting-a-project" class="external" target="_blank">Using a custom user model when starting a project</a> (Django docs).</p> </div> <p>Below we'll first create a group and then a user. Even though we don't have any permissions to add for our library members yet, if we need to later, it will be much easier to add them once to the group than individually to each member.</p> <p>Start the development server and navigate to the admin site in your local web browser (<code>http://127.0.0.1:8000/admin/</code>). Log in to the site using the credentials for your superuser account.
The top level of the Admin site displays all of your models, sorted by "Django application". From the <strong>Authentication and Authorization</strong> section, you can click the <strong>Users</strong> or <strong>Groups</strong> links to see their existing records.</p> <p> <img src="/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_add.png" alt="Admin site - add groups or users" width="661" height="364" loading="lazy"> </p> <p>First, let's create a new group for our library members.</p> <ol> <li> Click the <strong>Add</strong> button (next to Group) to create a new <em>Group</em>; enter the <strong>Name</strong> "Library Members" for the group. <img src="/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_add_group.png" alt="Admin site - add group" width="966" height="677" loading="lazy"> </li> <li>We don't need any permissions for the group, so just press <strong>SAVE</strong> (you will be taken to a list of groups).</li> </ol> <p>Now let's create a user:</p> <ol> <li> <p>Navigate back to the home page of the admin site.</p> </li> <li> <p> Click the <strong>Add</strong> button next to <em>Users</em> to open the <em>Add user</em> dialog box. <img src="/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_add_user_prt1.png" alt="Admin site - add user pt1" width="956" height="489" loading="lazy"> </p> </li> <li> <p>Enter an appropriate <strong>Username</strong> and <strong>Password</strong>/<strong>Password confirmation</strong> for your test user.</p> </li> <li> <p>Press <strong>SAVE</strong> to create the user.</p> <p> The admin site will create the new user and immediately take you to a <em>Change user</em> screen where you can change your <strong>username</strong> and add information for the User model's optional fields. These fields include the first name, last name, email address, and the user's status and permissions (only the <strong>Active</strong> flag should be set).
Further down you can specify the user's groups and permissions, and see important dates related to the user (e.g. their join date and last login date). <img src="/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_add_user_prt2.png" alt="Admin site - add user pt2" width="992" height="788" loading="lazy"> </p> </li> <li> <p> In the <em>Groups</em> section, select the <strong>Library Members</strong> group from the list of <em>Available groups</em>, and then press the <strong>right-arrow</strong> between the boxes to move it into the <em>Chosen groups</em> box. <img src="/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_user_add_group.png" alt="Admin site - add user to group" width="933" height="414" loading="lazy"> </p> </li> <li> <p>We don't need to do anything else here, so just select <strong>SAVE</strong> again, to go to the list of users.</p> </li> </ol> <p>That's it! Now you have a "normal library member" account that you will be able to use for testing (once we've implemented the pages to enable them to log in).</p> <div class="notecard note"> <p><strong>Note:</strong> You should try creating another library member user. Also, create a group for Librarians, and add a user to that too!</p> </div></div></section><section aria-labelledby="setting_up_your_authentication_views"><h2 id="setting_up_your_authentication_views"><a href="#setting_up_your_authentication_views">Setting up your authentication views</a></h2><div class="section-content"><p>Django provides almost everything you need to create authentication pages to handle login, log out, and password management "out of the box". This includes a URL mapper, views and forms, but it does not include the templates — we have to create our own!</p> <p>In this section, we show how to integrate the default system into the <em>LocalLibrary</em> website and create the templates.
We'll put them in the main project URLs.</p> <div class="notecard note"> <p> <strong>Note:</strong> You don't have to use any of this code, but it is likely that you'll want to because it makes things a lot easier. You'll almost certainly need to change the form handling code if you change your user model, but even so, you would still be able to use the stock view functions. </p> </div> <div class="notecard note"> <p> <strong>Note:</strong> In this case, we could reasonably put the authentication pages, including the URLs and templates, inside our catalog application. However, if we had multiple applications it would be better to separate out this shared login behavior and have it available across the whole site, so that is what we've shown here! </p> </div></div></section><section aria-labelledby="project_urls"><h3 id="project_urls"><a href="#project_urls">Project URLs</a></h3><div class="section-content"><p>Add the following to the bottom of the project urls.py file (<strong>django-locallibrary-tutorial/locallibrary/urls.py</strong>):</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code># Add Django site authentication urls (for login, logout, password management)

urlpatterns += [
    path('accounts/', include('django.contrib.auth.urls')),
]
</code></pre></div> <p> Navigate to the <code>http://127.0.0.1:8000/accounts/</code> URL (note the trailing forward slash!). Django will show an error that it could not find a mapping for this URL, and list all the URLs that it tried. From this you can see the URLs that will work once we have created templates. </p> <div class="notecard note"> <p><strong>Note:</strong> Adding the <code>accounts/</code> path as shown above adds the following URLs, along with names (given in square brackets) that can be used to reverse the URL mappings.
You don't have to implement anything else — the above URL mapping automatically maps the below mentioned URLs.</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>accounts/ login/ [name='login']
accounts/ logout/ [name='logout']
accounts/ password_change/ [name='password_change']
accounts/ password_change/done/ [name='password_change_done']
accounts/ password_reset/ [name='password_reset']
accounts/ password_reset/done/ [name='password_reset_done']
accounts/ reset/&lt;uidb64&gt;/&lt;token&gt;/ [name='password_reset_confirm']
accounts/ reset/done/ [name='password_reset_complete']
</code></pre></div> </div> <p> Now try to navigate to the login URL (<code>http://127.0.0.1:8000/accounts/login/</code>). This will fail again, but with an error that tells you that we're missing the required template (<strong>registration/login.html</strong>) on the template search path. You'll see the following lines listed in the yellow section at the top: </p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>Exception Type: TemplateDoesNotExist
Exception Value: registration/login.html
</code></pre></div> <p>The next step is to create a directory for the templates named "registration" and then add the <strong>login.html</strong> file.</p></div></section><section aria-labelledby="template_directory"><h3 id="template_directory"><a href="#template_directory">Template directory</a></h3><div class="section-content"><p>The URLs (and implicitly, views) that we just added expect to find their associated templates in a directory <strong>/registration/</strong> somewhere in the templates search path.</p> <p>For this site, we'll put our HTML pages in the <strong>templates/registration/</strong> directory.
This directory should be in your project root directory, that is, the same directory as the <strong>catalog</strong> and <strong>locallibrary</strong> folders. Please create these folders now.</p> <div class="notecard note"> <p><strong>Note:</strong> Your folder structure should now look like the below:</p> <pre class="brush: plain notranslate">django-locallibrary-tutorial/   # Django top level project folder
  catalog/
  locallibrary/
  templates/
    registration/
</pre> </div> <p> To make the <strong>templates</strong> directory visible to the template loader we need to add it in the template search path. Open the project settings (<strong>/django-locallibrary-tutorial/locallibrary/settings.py</strong>). </p> <p>Then import the <code>os</code> module (add the following line near the top of the file if it isn't already present).</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>import os # needed by code below
</code></pre></div> <p>Update the <code>TEMPLATES</code> section's <code>'DIRS'</code> line as shown:</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code># …
TEMPLATES = [
    {
        # …
        'DIRS': [os.path.join(BASE_DIR, 'templates')],
        'APP_DIRS': True,
        # …
</code></pre></div></div></section><section aria-labelledby="login_template"><h3 id="login_template"><a href="#login_template">Login template</a></h3><div class="section-content"><div class="notecard warning"> <p><strong>Warning:</strong> The authentication templates provided in this article are a very basic/slightly modified version of the Django demonstration login templates.
You may need to customize them for your own use!</p> </div> <p>Create a new HTML file called <strong>/django-locallibrary-tutorial/templates/registration/login.html</strong> and give it the following contents:</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>{% extends "base_generic.html" %}

{% block content %}

  {% if form.errors %}
    &lt;p&gt;Your username and password didn't match. Please try again.&lt;/p&gt;
  {% endif %}

  {% if next %}
    {% if user.is_authenticated %}
      &lt;p&gt;Your account doesn't have access to this page. To proceed, please login with an account that has access.&lt;/p&gt;
    {% else %}
      &lt;p&gt;Please login to see this page.&lt;/p&gt;
    {% endif %}
  {% endif %}

  &lt;form method="post" action="{% url 'login' %}"&gt;
    {% csrf_token %}
    &lt;table&gt;
      &lt;tr&gt;
        &lt;td&gt;{{ form.username.label_tag }}&lt;/td&gt;
        &lt;td&gt;{{ form.username }}&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
        &lt;td&gt;{{ form.password.label_tag }}&lt;/td&gt;
        &lt;td&gt;{{ form.password }}&lt;/td&gt;
      &lt;/tr&gt;
    &lt;/table&gt;
    &lt;input type="submit" value="login"&gt;
    &lt;input type="hidden" name="next" value="{{ next }}"&gt;
  &lt;/form&gt;

  {# Assumes you set up the password_reset view in your URLconf #}
  &lt;p&gt;&lt;a href="{% url 'password_reset' %}"&gt;Lost password?&lt;/a&gt;&lt;/p&gt;

{% endblock %}
</code></pre></div> <p>This template shares some similarities with the ones we've seen before — it extends our base template and overrides the <code>content</code> block. The rest of the code is fairly standard form handling code, which we will discuss in a later tutorial.
All you need to know for now is that this will display a form in which you can enter your username and password, and that if you enter invalid values you will be prompted to enter correct values when the page refreshes.</p> <p>Navigate back to the login page (<code>http://127.0.0.1:8000/accounts/login/</code>) once you've saved your template, and you should see something like this:</p> <p> <img src="/en-US/docs/Learn/Server-side/Django/Authentication/library_login.png" alt="Library login page v1" width="441" height="173" loading="lazy"> </p> <p>If you log in using valid credentials, you'll be redirected to another page (by default this will be <code>http://127.0.0.1:8000/accounts/profile/</code>). The problem is that, by default, Django expects that upon logging in you will want to be taken to a profile page, which may or may not be the case. As you haven't defined this page yet, you'll get another error!</p> <p>Open the project settings (<strong>/django-locallibrary-tutorial/locallibrary/settings.py</strong>) and add the text below to the bottom. Now when you log in you should be redirected to the site homepage by default.</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code># Redirect to home URL after login (Default redirects to /accounts/profile/)
LOGIN_REDIRECT_URL = '/'
</code></pre></div></div></section><section aria-labelledby="logout_template"><h3 id="logout_template"><a href="#logout_template">Logout template</a></h3><div class="section-content"><p> If you navigate to the logout URL (<code>http://127.0.0.1:8000/accounts/logout/</code>) then you'll get an error because Django 5 does not allow logout using <code>GET</code>, only <code>POST</code>. We'll add a form you can use to logout in a minute, but first we'll create the page that users are taken to after logging out.
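</p> <p>The redirect decision described above (send the user to the <code>next</code> value posted by the login form, otherwise to <code>LOGIN_REDIRECT_URL</code>) is only safe if <code>next</code> points back into the same site, because that value arrives with the request and can be set by whoever builds the login link. The following is an added, standard-library-only example of that check, not code from this tutorial or from Django: the helper names <code>is_safe_next</code> and <code>resolve_login_redirect</code> and the sample values are assumptions, and with the stock login view you rely on Django's own check (<code>django.utils.http.url_has_allowed_host_and_scheme</code>) instead.</p>

```python
import unicodedata
from urllib.parse import urlsplit

# Value set in settings.py in this tutorial.
LOGIN_REDIRECT_URL = "/"


def _host_and_scheme_ok(url, allowed_hosts, require_https):
    """Return True if `url` is relative or points at an allowed host over HTTP(S)."""
    # Browsers treat "///host/path" like "//host/path" (a scheme-relative URL).
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # for example a malformed IPv6 literal
        return False
    # "http:host" has a scheme but no network location; reject it outright.
    if parts.scheme and not parts.netloc:
        return False
    # A leading control character can hide what follows from a naive check.
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = parts.scheme or ("http" if parts.netloc else "")
    valid_schemes = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not scheme or scheme in valid_schemes
    return host_ok and scheme_ok


def is_safe_next(url, allowed_hosts, require_https=False):
    """Decide whether a user-supplied `next` value may be used as a redirect target."""
    if url is not None:
        url = url.strip()
    if not url:
        return False
    # Some browsers read "\" as "/", so check the value as given and normalised.
    return (_host_and_scheme_ok(url, allowed_hosts, require_https)
            and _host_and_scheme_ok(url.replace("\\", "/"), allowed_hosts, require_https))


def resolve_login_redirect(next_value, request_host, require_https=False):
    """Return where to send the user after a successful login."""
    if is_safe_next(next_value, {request_host}, require_https):
        return next_value
    return LOGIN_REDIRECT_URL


# Constructed sample `next` values, as they might arrive in the hidden form field.
SAMPLES = [
    "/catalog/mybooks/",                      # page the user came from
    "http://127.0.0.1:8000/catalog/",         # absolute URL on this host
    "",                                       # no next value supplied
    "https://phish.example/accounts/login/",  # another site
    "//phish.example/",                       # scheme-relative URL to another site
    "/\\phish.example/",                      # backslash variant of the same
    "http:phish.example",                     # scheme without "//"
]


def audit(samples, request_host="127.0.0.1:8000"):
    """Map each sample to the redirect target that would be used."""
    return {s: resolve_login_redirect(s, request_host) for s in samples}


if __name__ == "__main__":
    for value, target in audit(SAMPLES).items():
        print(f"next={value!r:45} -> {target}")
```

<p>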
</p> <p>Create and open <strong>/django-locallibrary-tutorial/templates/registration/logged_out.html</strong>. Copy in the text below:</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>{% extends "base_generic.html" %}

{% block content %}
  &lt;p&gt;Logged out!&lt;/p&gt;
  &lt;a href="{% url 'login'%}"&gt;Click here to login again.&lt;/a&gt;
{% endblock %}
</code></pre></div> <p>This template is very simple. It just displays a message informing you that you have been logged out, and provides a link that you can press to go back to the login screen. The screen renders like this (after logout):</p> <p> <img src="/en-US/docs/Learn/Server-side/Django/Authentication/library_logout.png" alt="Library logout page v1" width="385" height="169" loading="lazy"> </p></div></section><section aria-labelledby="password_reset_templates"><h3 id="password_reset_templates"><a href="#password_reset_templates">Password reset templates</a></h3><div class="section-content"><p>The default password reset system uses email to send the user a reset link. You need to create forms to get the user's email address, send the email, allow them to enter a new password, and to note when the whole process is complete.</p> <p>The following templates can be used as a starting point.</p> <h4 id="password_reset_form">Password reset form</h4> <p>This is the form used to get the user's email address (for sending the password reset email).
Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_form.html</strong>, and give it the following contents:</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>{% extends "base_generic.html" %}

{% block content %}
  &lt;form action="" method="post"&gt;
    {% csrf_token %}
    {% if form.email.errors %}
      {{ form.email.errors }}
    {% endif %}
    &lt;p&gt;{{ form.email }}&lt;/p&gt;
    &lt;input type="submit" class="btn btn-default btn-lg" value="Reset password"&gt;
  &lt;/form&gt;
{% endblock %}
</code></pre></div> <h4 id="password_reset_done">Password reset done</h4> <p>This form is displayed after your email address has been collected. Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_done.html</strong>, and give it the following contents:</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>{% extends "base_generic.html" %}

{% block content %}
  &lt;p&gt;We've emailed you instructions for setting your password. If they haven't arrived in a few minutes, check your spam folder.&lt;/p&gt;
{% endblock %}
</code></pre></div> <h4 id="password_reset_email">Password reset email</h4> <p>This template provides the text of the HTML email containing the reset link that we will send to users. Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_email.html</strong>, and give it the following contents:</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>Someone asked for password reset for email {{ email }}. Follow the link below:
{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
</code></pre></div> <h4 id="password_reset_confirm">Password reset confirm</h4> <p>This page is where you enter your new password after clicking the link in the password reset email. Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_confirm.html</strong>, and give it the following contents:</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>{% extends "base_generic.html" %}

{% block content %}
  {% if validlink %}
    &lt;p&gt;Please enter (and confirm) your new password.&lt;/p&gt;
    &lt;form action="" method="post"&gt;
      {% csrf_token %}
      &lt;table&gt;
        &lt;tr&gt;
          &lt;td&gt;{{ form.new_password1.errors }}
            &lt;label for="id_new_password1"&gt;New password:&lt;/label&gt;&lt;/td&gt;
          &lt;td&gt;{{ form.new_password1 }}&lt;/td&gt;
        &lt;/tr&gt;
        &lt;tr&gt;
          &lt;td&gt;{{ form.new_password2.errors }}
            &lt;label for="id_new_password2"&gt;Confirm password:&lt;/label&gt;&lt;/td&gt;
          &lt;td&gt;{{ form.new_password2 }}&lt;/td&gt;
        &lt;/tr&gt;
        &lt;tr&gt;
          &lt;td&gt;&lt;/td&gt;
          &lt;td&gt;&lt;input type="submit" value="Change my password"&gt;&lt;/td&gt;
        &lt;/tr&gt;
      &lt;/table&gt;
    &lt;/form&gt;
  {% else %}
    &lt;h1&gt;Password reset failed&lt;/h1&gt;
    &lt;p&gt;The password reset link was invalid, possibly because it has already been used. Please request a new password reset.&lt;/p&gt;
  {% endif %}
{% endblock %}
</code></pre></div> <h4 id="password_reset_complete">Password reset complete</h4> <p>This is the last password-reset template, which is displayed to notify you when the password reset has succeeded.
Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_complete.html</strong>, and give it the following contents:</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>{% extends "base_generic.html" %}

{% block content %}
  &lt;h1&gt;The password has been changed!&lt;/h1&gt;
  &lt;p&gt;&lt;a href="{% url 'login' %}"&gt;log in again?&lt;/a&gt;&lt;/p&gt;
{% endblock %}
</code></pre></div></div></section><section aria-labelledby="testing_the_new_authentication_pages"><h3 id="testing_the_new_authentication_pages"><a href="#testing_the_new_authentication_pages">Testing the new authentication pages</a></h3><div class="section-content"><p>Now that you've added the URL configuration and created all these templates, the authentication pages (other than logout) should now just work!</p> <p> You can test the new authentication pages by first attempting to log in to your superuser account using the URL <code>http://127.0.0.1:8000/accounts/login/</code>. You'll be able to test the password reset functionality from the link in the login page. <strong>Be aware that Django will only send reset emails to addresses (users) that are already stored in its database!</strong> </p> <p>Note that you won't be able to test account logout yet, because logout requests must be sent as a <code>POST</code> rather than a <code>GET</code> request.</p> <div class="notecard note"> <p><strong>Note:</strong> The password reset system requires that your website supports email, which is beyond the scope of this article, so this part <strong>won't work yet</strong>. To allow testing, put the following line at the end of your settings.py file.
This logs any emails sent to the console (so you can copy the password reset link from the console).</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' </code></pre></div> <p>For more information, see <a href="https://docs.djangoproject.com/en/5.0/topics/email/" class="external" target="_blank">Sending email</a> (Django docs).</p> </div></div></section><section aria-labelledby="testing_against_authenticated_users"><h2 id="testing_against_authenticated_users"><a href="#testing_against_authenticated_users">Testing against authenticated users</a></h2><div class="section-content"><p>This section looks at what we can do to selectively control content the user sees based on whether they are logged in or not.</p></div></section><section aria-labelledby="testing_in_templates"><h3 id="testing_in_templates"><a href="#testing_in_templates">Testing in templates</a></h3><div class="section-content"><p>You can get information about the currently logged in user in templates with the <code>{{ user }}</code> template variable (this is added to the template context by default when you set up the project as we did in our skeleton).</p> <p>Typically you will first test against the <code>{{ user.is_authenticated }}</code> template variable to determine whether the user is eligible to see specific content. 
To demonstrate this, next we'll update our sidebar to display a "Login" link if the user is logged out, and a "Logout" link if they are logged in.</p> <p>Open the base template (<strong>/django-locallibrary-tutorial/catalog/templates/base_generic.html</strong>) and copy the following text into the <code>sidebar</code> block, immediately before the <code>endblock</code> template tag.</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>&lt;ul class="sidebar-nav"&gt;
  …
  {% if user.is_authenticated %}
    &lt;li&gt;User: {{ user.get_username }}&lt;/li&gt;
    &lt;li&gt;
      &lt;form id="logout-form" method="post" action="{% url 'logout' %}"&gt;
        {% csrf_token %}
        &lt;button type="submit" class="btn btn-link"&gt;Logout&lt;/button&gt;
      &lt;/form&gt;
    &lt;/li&gt;
  {% else %}
    &lt;li&gt;&lt;a href="{% url 'login' %}?next={{ request.path }}"&gt;Login&lt;/a&gt;&lt;/li&gt;
  {% endif %}
  …
&lt;/ul&gt;
</code></pre></div> <p>As you can see, we use <code>if</code> / <code>else</code> / <code>endif</code> template tags to conditionally display text based on whether <code>{{ user.is_authenticated }}</code> is true. If the user is authenticated then we know that we have a valid user, so we call <code>{{ user.get_username }}</code> to display their name.</p> <p>We create the login link URL using the <code>url</code> template tag and the name of the <code>login</code> URL configuration. Note also how we have appended <code>?next={{ request.path }}</code> to the end of the URL. What this does is add a URL parameter <code>next</code> containing the address (URL) of the <em>current</em> page, to the end of the linked URL.
After the user has successfully logged in, the view will use this <code>next</code> value to redirect the user back to the page where they first clicked the login link.</p> <p> The logout template code is different, because from Django 5, to log out you must <code>POST</code> to the <code>admin:logout</code> URL, using a form with a button. By default this would render as a button, but you can style the button to display as a link. For this example we're using <em>Bootstrap</em>, so we make the button look like a link by applying <code>class="btn btn-link"</code>. You also need to append the following styles to <strong>/django-locallibrary-tutorial/catalog/static/css/styles.css</strong> in order to correctly position the logout link next to all the other sidebar links: </p> <div class="code-example"><div class="example-header"><span class="language-name">css</span></div><pre class="brush: css notranslate"><code>#logout-form {
  display: inline;
}
#logout-form button {
  padding: 0;
  margin: 0;
}
</code></pre></div> <p> Try it out by clicking the Login/Logout links in the sidebar. You should be taken to the logout/login pages that you defined in the <a href="#template_directory">Template directory</a> above. </p></div></section><section aria-labelledby="testing_in_views"><h3 id="testing_in_views"><a href="#testing_in_views">Testing in views</a></h3><div class="section-content"><p>If you're using function-based views, the easiest way to restrict access to your functions is to apply the <code>login_required</code> decorator to your view function, as shown below. If the user is logged in then your view code will execute as normal. If the user is not logged in, this will redirect to the login URL defined in the project settings (<code>settings.LOGIN_URL</code>), passing the current absolute path as the <code>next</code> URL parameter.
If the user succeeds in logging in then they will be returned to this page, but this time authenticated.</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from django.contrib.auth.decorators import login_required

@login_required
def my_view(request):
    # …
</code></pre></div> <div class="notecard note"> <p><strong>Note:</strong> You can do the same sort of thing manually by testing on <code>request.user.is_authenticated</code>, but the decorator is much more convenient!</p> </div> <p>Similarly, the easiest way to restrict access to logged-in users in your class-based views is to derive from <code>LoginRequiredMixin</code>. You need to declare this mixin first in the superclass list, before the main view class.</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from django.contrib.auth.mixins import LoginRequiredMixin
from django.views import View

class MyView(LoginRequiredMixin, View):
    # …
</code></pre></div> <p>This has exactly the same redirect behavior as the <code>login_required</code> decorator.
You can also specify an alternative location to redirect the user to if they are not authenticated (<code>login_url</code>), and a URL parameter name instead of <code>next</code> to insert the current absolute path (<code>redirect_field_name</code>).</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>class MyView(LoginRequiredMixin, View):
    login_url = '/login/'
    redirect_field_name = 'redirect_to'
</code></pre></div> <p>For additional detail, check out the <a href="https://docs.djangoproject.com/en/5.0/topics/auth/default/#limiting-access-to-logged-in-users" class="external" target="_blank">Django docs here</a>.</p></div></section><section aria-labelledby="example_—_listing_the_current_users_books"><h2 id="example_—_listing_the_current_users_books"><a href="#example_—_listing_the_current_users_books">Example — listing the current user's books</a></h2><div class="section-content"><p>Now that we know how to restrict a page to a particular user, let's create a view of the books that the current user has borrowed.</p> <p>Unfortunately, we don't yet have any way for users to borrow books! So before we can create the book list we'll first extend the <code>BookInstance</code> model to support the concept of borrowing and use the Django Admin application to loan a number of books to our test user.</p></div></section><section aria-labelledby="models"><h3 id="models"><a href="#models">Models</a></h3><div class="section-content"><p>First, we're going to have to make it possible for users to have a <code>BookInstance</code> on loan (we already have a <code>status</code> and a <code>due_back</code> date, but we don't yet have any association between this model and a particular user). We'll create one using a <code>ForeignKey</code> (one-to-many) field.
We also need an easy mechanism to test whether a loaned book is overdue.</p> <p>Open <strong>catalog/models.py</strong>, and import the <code>settings</code> from <code>django.conf</code> (add this just below the previous import line at the top of the file, so the settings are available to subsequent code that makes use of them):</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from django.conf import settings </code></pre></div> <p> Next, add the <code>borrower</code> field to the <code>BookInstance</code> model, setting the user model for the key as the value of the setting <code>AUTH_USER_MODEL</code>. Since we have not overridden the setting with a <a href="https://docs.djangoproject.com/en/5.0/topics/auth/customizing/" class="external" target="_blank">custom user model</a> this maps to the default <code>User</code> model from <code>django.contrib.auth.models</code>. </p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>borrower = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.SET_NULL, null=True, blank=True) </code></pre></div> <div class="notecard note"> <p> <strong>Note:</strong> Importing the model in this way reduces the work required if you later discover that you need a custom user model. 
This tutorial uses the default model, so you could instead import the <code>User</code> model directly with the following lines: </p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from django.contrib.auth.models import User </code></pre></div> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>borrower = models.ForeignKey(User, on_delete=models.SET_NULL, null=True, blank=True) </code></pre></div> </div> <p> While we're here, let's add a property that we can call from our templates to tell if a particular book instance is overdue. While we could calculate this in the template itself, using a <a href="https://docs.python.org/3/library/functions.html#property" class="external" target="_blank">property</a> as shown below will be much more efficient. </p> <p>Add this somewhere near the top of the file:</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from datetime import date </code></pre></div> <p>Now add the following property definition to the <code>BookInstance</code> class:</p> <div class="notecard note"> <p> <strong>Note:</strong> The following code uses Python's <code>bool()</code> function, which evaluates an object or the resulting object of an expression, and returns <code>True</code> unless the result is "falsy", in which case it returns <code>False</code>. In Python an object is <em>falsy</em> (evaluates as <code>False</code>) if it is: empty (like <code>[]</code>, <code>()</code>, <code>{}</code>), <code>0</code>, <code>None</code> or if it is <code>False</code>. 
</p> </div> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>@property
def is_overdue(self):
    """Determines if the book is overdue based on due date and current date."""
    return bool(self.due_back and date.today() &gt; self.due_back)
</code></pre></div> <div class="notecard note"> <p><strong>Note:</strong> We first verify whether <code>due_back</code> is empty before making a comparison. An empty <code>due_back</code> field would cause Django to throw an error instead of showing the page: empty values are not comparable. This is not something we would want our users to experience!</p> </div> <p>Now that we've updated our models, we'll need to make fresh migrations on the project and then apply those migrations:</p> <div class="code-example"><div class="example-header"><span class="language-name">bash</span></div><pre class="brush: bash notranslate"><code>python3 manage.py makemigrations
python3 manage.py migrate
</code></pre></div></div></section><section aria-labelledby="admin"><h3 id="admin"><a href="#admin">Admin</a></h3><div class="section-content"><p> Now open <strong>catalog/admin.py</strong>, and add the <code>borrower</code> field to the <code>BookInstanceAdmin</code> class in both the <code>list_display</code> and the <code>fieldsets</code> as shown below. This will make the field visible in the Admin section, allowing us to assign a <code>User</code> to a <code>BookInstance</code> when needed.
</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>@admin.register(BookInstance)
class BookInstanceAdmin(admin.ModelAdmin):
    list_display = ('book', 'status', 'borrower', 'due_back', 'id')
    list_filter = ('status', 'due_back')

    fieldsets = (
        (None, {
            'fields': ('book', 'imprint', 'id')
        }),
        ('Availability', {
            'fields': ('status', 'due_back', 'borrower')
        }),
    )
</code></pre></div></div></section><section aria-labelledby="loan_a_few_books"><h3 id="loan_a_few_books"><a href="#loan_a_few_books">Loan a few books</a></h3><div class="section-content"><p>Now that it's possible to loan books to a specific user, go and loan out a number of <code>BookInstance</code> records. Set their <code>borrower</code> field to your test user, make the <code>status</code> "On loan", and set due dates both in the future and the past.</p> <div class="notecard note"> <p><strong>Note:</strong> We won't spell the process out, as you already know how to use the Admin site!</p> </div></div></section><section aria-labelledby="on_loan_view"><h3 id="on_loan_view"><a href="#on_loan_view">On loan view</a></h3><div class="section-content"><p>Now we'll add a view for getting the list of all books that have been loaned to the current user. We'll use the same generic class-based list view we're familiar with, but this time we'll also import and derive from <code>LoginRequiredMixin</code>, so that only a logged-in user can call this view.
We will also choose to declare a <code>template_name</code>, rather than using the default, because we may end up having a few different lists of <code>BookInstance</code> records, with different views and templates.</p> <p>Add the following to <strong>catalog/views.py</strong>:</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from django.contrib.auth.mixins import LoginRequiredMixin

class LoanedBooksByUserListView(LoginRequiredMixin, generic.ListView):
    """Generic class-based view listing books on loan to current user."""
    model = BookInstance
    template_name = 'catalog/bookinstance_list_borrowed_user.html'
    paginate_by = 10

    def get_queryset(self):
        # Scope the list to the requesting user so no other member's loans are returned.
        return (
            BookInstance.objects.filter(borrower=self.request.user)
            .filter(status__exact='o')
            .order_by('due_back')
        )
</code></pre></div> <p>In order to restrict our query to just the <code>BookInstance</code> objects for the current user, we re-implement <code>get_queryset()</code> as shown above.
Note that "o" is the stored code for "on loan" and we order by the <code>due_back</code> date so that the oldest items are displayed first.</p></div></section><section aria-labelledby="url_conf_for_on_loan_books"><h3 id="url_conf_for_on_loan_books"><a href="#url_conf_for_on_loan_books">URL conf for on loan books</a></h3><div class="section-content"><p>Now open <strong>/catalog/urls.py</strong> and add a <code>path()</code> pointing to the above view (you can just copy the text below to the end of the file).</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>urlpatterns += [
    path('mybooks/', views.LoanedBooksByUserListView.as_view(), name='my-borrowed'),
]
</code></pre></div></div></section><section aria-labelledby="template_for_on-loan_books"><h3 id="template_for_on-loan_books"><a href="#template_for_on-loan_books">Template for on-loan books</a></h3><div class="section-content"><p>Now, all we need to do for this page is add a template. First, create the template file <strong>/catalog/templates/catalog/bookinstance_list_borrowed_user.html</strong> and give it the following contents:</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>{% extends "base_generic.html" %}

{% block content %}
    &lt;h1&gt;Borrowed books&lt;/h1&gt;

    {% if bookinstance_list %}
    &lt;ul&gt;

      {% for bookinst in bookinstance_list %}
      &lt;li class="{% if bookinst.is_overdue %}text-danger{% endif %}"&gt;
        &lt;a href="{% url 'book-detail' bookinst.book.pk %}"&gt;{{ bookinst.book.title }}&lt;/a&gt; ({{ bookinst.due_back }})
      &lt;/li&gt;
      {% endfor %}
    &lt;/ul&gt;

    {% else %}
      &lt;p&gt;There are no books borrowed.&lt;/p&gt;
    {% endif %}
{% endblock %}
</code></pre></div> <p> This template is very similar to those we've created previously for the <code>Book</code> and <code>Author</code> objects.
The only "new" thing here is that we check the property we added to the model (<code>bookinst.is_overdue</code>) and use it to change the color of overdue items. </p> <p>When the development server is running, you should now be able to view the list for a logged-in user in your browser at <code>http://127.0.0.1:8000/catalog/mybooks/</code>. Try this out with your user logged in and logged out (in the second case, you should be redirected to the login page).</p></div></section><section aria-labelledby="add_the_list_to_the_sidebar"><h3 id="add_the_list_to_the_sidebar"><a href="#add_the_list_to_the_sidebar">Add the list to the sidebar</a></h3><div class="section-content"><p>The very last step is to add a link for this new page into the sidebar. We'll put this in the same section where we display other information for the logged-in user.</p> <p>Open the base template (<strong>/django-locallibrary-tutorial/catalog/templates/base_generic.html</strong>) and add the "My Borrowed" line to the sidebar in the position shown below.</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code> &lt;ul class="sidebar-nav"&gt;
   {% if user.is_authenticated %}
     &lt;li&gt;User: {{ user.get_username }}&lt;/li&gt;

     &lt;li&gt;&lt;a href="{% url 'my-borrowed' %}"&gt;My Borrowed&lt;/a&gt;&lt;/li&gt;

     &lt;li&gt;
       &lt;form id="logout-form" method="post" action="{% url 'admin:logout' %}"&gt;
         {% csrf_token %}
         &lt;button type="submit" class="btn btn-link"&gt;Logout&lt;/button&gt;
       &lt;/form&gt;
     &lt;/li&gt;
   {% else %}
     &lt;li&gt;&lt;a href="{% url 'login' %}?next={{ request.path }}"&gt;Login&lt;/a&gt;&lt;/li&gt;
   {% endif %}
 &lt;/ul&gt;
</code></pre></div></div></section><section aria-labelledby="what_does_it_look_like"><h3 id="what_does_it_look_like"><a href="#what_does_it_look_like">What does it look like?</a></h3><div class="section-content"><p>When any user is logged in, they'll see the <em>My Borrowed</em> link
in the sidebar, and the list of books displayed as below (the first book has no due date, which is a bug we hope to fix in a later tutorial!).</p> <p> <img src="/en-US/docs/Learn/Server-side/Django/Authentication/library_borrowed_by_user.png" alt="Library - borrowed books by user" width="530" height="215" loading="lazy"> </p></div></section><section aria-labelledby="permissions"><h2 id="permissions"><a href="#permissions">Permissions</a></h2><div class="section-content"><p>Permissions are associated with models and define the operations that can be performed on a model instance by a user who has the permission. By default, Django automatically gives <em>add</em>, <em>change</em>, and <em>delete</em> permissions to all models, which allow users with the permissions to perform the associated actions via the admin site. You can define your own permissions for models and grant them to specific users. You can also change the permissions associated with different instances of the same model.</p> <p>Testing for permissions in views and templates is then very similar to testing the authentication status (and in fact, testing for a permission also tests for authentication).</p></div></section><section aria-labelledby="models_2"><h3 id="models_2"><a href="#models_2">Models</a></h3><div class="section-content"><p> Permissions are defined in the model's <code>class Meta</code> section, using the <code>permissions</code> field. You can specify as many permissions as you need in a tuple, each permission itself being defined in a nested tuple containing the permission name and permission display value.
For example, we might define a permission to allow a user to mark that a book has been returned as shown: </p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>class BookInstance(models.Model):
    # …
    class Meta:
        # …
        permissions = (("can_mark_returned", "Set book as returned"),)
</code></pre></div> <p>We could then assign the permission to a "Librarian" group in the Admin site.</p> <p>Open <strong>catalog/models.py</strong>, and add the permission as shown above. You will need to re-run your migrations (call <code>python3 manage.py makemigrations</code> and <code>python3 manage.py migrate</code>) to update the database appropriately.</p></div></section><section aria-labelledby="templates"><h3 id="templates"><a href="#templates">Templates</a></h3><div class="section-content"><p>The current user's permissions are stored in a template variable called <code>{{ perms }}</code>. You can check whether the current user has a particular permission using the specific variable name within the associated Django "app" — e.g. <code>{{ perms.catalog.can_mark_returned }}</code> will be <code>True</code> if the user has this permission, and <code>False</code> otherwise. We typically test for the permission using the template <code>{% if %}</code> tag as shown:</p> <div class="code-example"><div class="example-header"><span class="language-name">django</span></div><pre class="brush: django notranslate"><code>{% if perms.catalog.can_mark_returned %}
    &lt;!-- We can mark a BookInstance as returned. --&gt;
    &lt;!-- Perhaps add code to link to a "book return" view here.
--&gt;
{% endif %}
</code></pre></div></div></section><section aria-labelledby="views"><h3 id="views"><a href="#views">Views</a></h3><div class="section-content"><p>Permissions can be tested in a function view using the <code>permission_required</code> decorator or in a class-based view using the <code>PermissionRequiredMixin</code>. The pattern is the same as for login authentication, though of course, you might reasonably have to add multiple permissions.</p> <p>Function view decorator:</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from django.contrib.auth.decorators import permission_required

@permission_required('catalog.can_mark_returned')
@permission_required('catalog.can_edit')
def my_view(request):
    # …
</code></pre></div> <p>A permission-required mixin for class-based views.</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from django.contrib.auth.mixins import PermissionRequiredMixin

class MyView(PermissionRequiredMixin, View):
    permission_required = 'catalog.can_mark_returned'
    # Or multiple permissions
    permission_required = ('catalog.can_mark_returned', 'catalog.change_book')
    # Note that the 'catalog.change_book' permission is created automatically
    # for the book model, along with add_book and delete_book
</code></pre></div> <div class="notecard note"> <p><strong>Note:</strong> There is a small default difference in the behavior above. By <strong>default</strong> for a logged-in user with a permission violation:</p> <ul> <li><code>@permission_required</code> redirects to the login screen (HTTP Status 302).</li> <li><code>PermissionRequiredMixin</code> returns 403 (HTTP Status Forbidden).</li> </ul> <p>Normally you will want the <code>PermissionRequiredMixin</code> behavior: return 403 if a user is logged in but does not have the correct permission.
To do this for a function view use <code>@login_required</code> and <code>@permission_required</code> with <code>raise_exception=True</code> as shown:</p> <div class="code-example"><div class="example-header"><span class="language-name">python</span></div><pre class="brush: python notranslate"><code>from django.contrib.auth.decorators import login_required, permission_required

@login_required
@permission_required('catalog.can_mark_returned', raise_exception=True)
def my_view(request):
    # …
</code></pre></div> </div></div></section><section aria-labelledby="example"><h3 id="example"><a href="#example">Example</a></h3><div class="section-content"><p>We won't update the <em>LocalLibrary</em> here; perhaps in the next tutorial!</p></div></section><section aria-labelledby="challenge_yourself"><h2 id="challenge_yourself"><a href="#challenge_yourself">Challenge yourself</a></h2><div class="section-content"><p> Earlier in this article, we showed you how to create a page for the current user, listing the books that they have borrowed. The challenge now is to create a similar page that is visible only to librarians, that displays <em>all</em> books that have been borrowed, and which includes the name of each borrower. </p> <p>You should be able to follow the same pattern as for the other view. The main difference is that you'll need to restrict the view to only librarians. You could do this based on whether the user is a staff member (function decorator: <code>staff_member_required</code>, template variable: <code>user.is_staff</code>) but we recommend that you instead use the <code>can_mark_returned</code> permission and <code>PermissionRequiredMixin</code>, as described in the previous section.</p> <div class="notecard warning"> <p><strong>Warning:</strong> Remember not to use your superuser for permission-based testing (permission checks always return true for superusers, even if a permission has not yet been defined!).
Instead, create a librarian user, and add the required capability.</p> </div> <p>When you are finished, your page should look something like the screenshot below.</p> <p> <img src="/en-US/docs/Learn/Server-side/Django/Authentication/library_borrowed_all.png" alt="All borrowed books, restricted to librarian" width="500" height="283" loading="lazy"> </p></div></section><section aria-labelledby="summary"><h2 id="summary"><a href="#summary">Summary</a></h2><div class="section-content"><p>Excellent work — you've now created a website where library members can log in and view their own content, and where librarians (with the correct permission) can view all loaned books and their borrowers. At the moment we're still just viewing content, but the same principles and techniques are used when you want to start modifying and adding data.</p> <p>In our next article, we'll look at how you can use Django forms to collect user input, and then start modifying some of our stored data.</p></div></section><section aria-labelledby="see_also"><h2 id="see_also"><a href="#see_also">See also</a></h2><div class="section-content"><ul> <li><a href="https://docs.djangoproject.com/en/5.0/topics/auth/" class="external" target="_blank">User authentication in Django</a> (Django docs)</li> <li><a href="https://docs.djangoproject.com/en/5.0/topics/auth/default/" class="external" target="_blank">Using the (default) Django authentication system</a> (Django docs)</li> <li><a href="https://docs.djangoproject.com/en/5.0/topics/class-based-views/intro/#decorating-class-based-views" class="external" target="_blank">Introduction to class-based views &gt; Decorating class-based views</a> (Django docs)</li> </ul><ul class="prev-next"> <li><a class="button secondary" href="/en-US/docs/Learn/Server-side/Django/Sessions"><span class="button-wrap"> Previous </span></a></li> <li><a class="button secondary" href="/en-US/docs/Learn/Server-side/Django"><span class="button-wrap"> Overview: Django Web Framework 
(Python)</span></a></li> <li><a class="button secondary" href="/en-US/docs/Learn/Server-side/Django/Forms"><span class="button-wrap"> Next </span></a></li> </ul></div></section></article><aside class="article-footer"><div class="article-footer-inner"><p class="last-modified-date">This page was last modified on <time dateTime="2024-11-21T23:54:26.000Z">Nov 21, 2024</time> by <a href="/en-US/docs/Learn/Server-side/Django/Authentication/contributors.txt" rel="nofollow">MDN contributors</a>.</p></div></aside></main></div></div><footer id="nav-footer" class="page-footer"><div class="page-footer-grid"><div class="page-footer-legal"><p id="license" class="page-footer-legal-text">Visit <a
href="https://www.mozilla.org" target="_blank" rel="noopener noreferrer">Mozilla Corporation’s</a> <!-- -->not-for-profit parent, the<!-- --> <a target="_blank" rel="noopener noreferrer" href="https://foundation.mozilla.org/">Mozilla Foundation</a>.<br/>Portions of this content are ©1998–<!-- -->2024<!-- --> by individual mozilla.org contributors. Content available under<!-- --> <a href="/en-US/docs/MDN/Writing_guidelines/Attrib_copyright_license">a Creative Commons license</a>.</p></div></div></footer></div><script type="application/json" id="hydration">{"url":"/en-US/docs/Learn/Server-side/Django/Authentication","doc":{"isMarkdown":true,"isTranslated":false,"isActive":true,"flaws":{},"title":"Django Tutorial Part 8: User authentication and permissions","mdn_url":"/en-US/docs/Learn/Server-side/Django/Authentication","locale":"en-US","native":"English (US)","sidebarHTML":"<ol><li class=\"section\"><a href=\"/en-US/docs/Learn/Getting_started_with_the_web\">Complete beginners start here!</a></li><li><details><summary>Getting started with the web</summary><ol><li><a href=\"/en-US/docs/Learn/Getting_started_with_the_web\">Getting started with the web</a></li><li><a href=\"/en-US/docs/Learn/Getting_started_with_the_web/Installing_basic_software\">Installing basic software</a></li><li><a href=\"/en-US/docs/Learn/Getting_started_with_the_web/What_will_your_website_look_like\">What will your website look like?</a></li><li><a href=\"/en-US/docs/Learn/Getting_started_with_the_web/Dealing_with_files\">Dealing with files</a></li><li><a href=\"/en-US/docs/Learn/Getting_started_with_the_web/HTML_basics\">HTML basics</a></li><li><a href=\"/en-US/docs/Learn/Getting_started_with_the_web/CSS_basics\">CSS basics</a></li><li><a href=\"/en-US/docs/Learn/Getting_started_with_the_web/JavaScript_basics\">JavaScript basics</a></li><li><a href=\"/en-US/docs/Learn/Getting_started_with_the_web/Publishing_your_website\">Publishing your website</a></li><li><a 
href=\"/en-US/docs/Learn/Getting_started_with_the_web/How_the_Web_works\">How the web works</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/HTML\">HTML — Structuring the web</a></li><li><details><summary>Introduction to HTML</summary><ol><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML\">Introduction to HTML</a></li><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML/Getting_started\">Getting started with HTML</a></li><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML/The_head_metadata_in_HTML\">What's in the head? Metadata in HTML</a></li><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML/HTML_text_fundamentals\">HTML text fundamentals</a></li><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML/Creating_hyperlinks\">Creating hyperlinks</a></li><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML/Advanced_text_formatting\">Advanced text formatting</a></li><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML/Document_and_website_structure\">Document and website structure</a></li><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML/Debugging_HTML\">Debugging HTML</a></li><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML/Marking_up_a_letter\">Marking up a letter</a></li><li><a href=\"/en-US/docs/Learn/HTML/Introduction_to_HTML/Structuring_a_page_of_content\">Structuring a page of content</a></li></ol></details></li><li><details><summary>Multimedia and embedding</summary><ol><li><a href=\"/en-US/docs/Learn/HTML/Multimedia_and_embedding\">Multimedia and embedding</a></li><li><a href=\"/en-US/docs/Learn/HTML/Multimedia_and_embedding/Images_in_HTML\">Images in HTML</a></li><li><a href=\"/en-US/docs/Learn/HTML/Multimedia_and_embedding/Video_and_audio_content\">Video and audio content</a></li><li><a href=\"/en-US/docs/Learn/HTML/Multimedia_and_embedding/Other_embedding_technologies\">From object to iframe — other embedding technologies</a></li><li><a 
href=\"/en-US/docs/Learn/HTML/Multimedia_and_embedding/Adding_vector_graphics_to_the_Web\">Adding vector graphics to the web</a></li><li><a href=\"/en-US/docs/Learn/HTML/Multimedia_and_embedding/Responsive_images\">Responsive images</a></li><li><a href=\"/en-US/docs/Learn/HTML/Multimedia_and_embedding/Mozilla_splash_page\">Mozilla splash page</a></li></ol></details></li><li><details><summary>HTML tables</summary><ol><li><a href=\"/en-US/docs/Learn/HTML/Tables\">HTML tables</a></li><li><a href=\"/en-US/docs/Learn/HTML/Tables/Basics\">HTML table basics</a></li><li><a href=\"/en-US/docs/Learn/HTML/Tables/Advanced\">HTML table advanced features and accessibility</a></li><li><a href=\"/en-US/docs/Learn/HTML/Tables/Structuring_planet_data\">Structuring planet data</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/CSS\">CSS — Styling the web</a></li><li><details><summary>CSS first steps</summary><ol><li><a href=\"/en-US/docs/Learn/CSS/First_steps\">CSS first steps</a></li><li><a href=\"/en-US/docs/Learn/CSS/First_steps/What_is_CSS\">What is CSS?</a></li><li><a href=\"/en-US/docs/Learn/CSS/First_steps/Getting_started\">Getting started with CSS</a></li><li><a href=\"/en-US/docs/Learn/CSS/First_steps/How_CSS_is_structured\">How CSS is structured</a></li><li><a href=\"/en-US/docs/Learn/CSS/First_steps/How_CSS_works\">How CSS works</a></li><li><a href=\"/en-US/docs/Learn/CSS/First_steps/Styling_a_biography_page\">Styling a biography page</a></li></ol></details></li><li><details><summary>CSS building blocks</summary><ol><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks\">CSS building blocks</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Selectors\">CSS selectors</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Selectors/Type_Class_and_ID_Selectors\">Type, class, and ID selectors</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Selectors/Attribute_selectors\">Attribute selectors</a></li><li><a 
href=\"/en-US/docs/Learn/CSS/Building_blocks/Selectors/Pseudo-classes_and_pseudo-elements\">Pseudo-classes and pseudo-elements</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Selectors/Combinators\">Combinators</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Cascade_and_inheritance\">Cascade, specificity, and inheritance</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Cascade_layers\">Cascade layers</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/The_box_model\">The box model</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Backgrounds_and_borders\">Backgrounds and borders</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Handling_different_text_directions\">Handling different text directions</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Overflowing_content\">Overflowing content</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Values_and_units\">CSS values and units</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Sizing_items_in_CSS\">Sizing items in CSS</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Images_media_form_elements\">Images, media, and form elements</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Styling_tables\">Styling tables</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Advanced_styling_effects\">Advanced styling effects</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Debugging_CSS\">Debugging CSS</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Organizing\">Organizing your CSS</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Fundamental_CSS_comprehension\">Fundamental CSS comprehension</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/Creating_fancy_letterheaded_paper\">Creating fancy letterheaded paper</a></li><li><a href=\"/en-US/docs/Learn/CSS/Building_blocks/A_cool_looking_box\">A cool-looking box</a></li></ol></details></li><li><details><summary>Styling 
text</summary><ol><li><a href=\"/en-US/docs/Learn/CSS/Styling_text\">CSS styling text</a></li><li><a href=\"/en-US/docs/Learn/CSS/Styling_text/Fundamentals\">Fundamental text and font styling</a></li><li><a href=\"/en-US/docs/Learn/CSS/Styling_text/Styling_lists\">Styling lists</a></li><li><a href=\"/en-US/docs/Learn/CSS/Styling_text/Styling_links\">Styling links</a></li><li><a href=\"/en-US/docs/Learn/CSS/Styling_text/Web_fonts\">Web fonts</a></li><li><a href=\"/en-US/docs/Learn/CSS/Styling_text/Typesetting_a_homepage\">Typesetting a community school homepage</a></li></ol></details></li><li><details><summary>CSS layout</summary><ol><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout\">CSS layout</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Introduction\">Introduction to CSS layout</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Normal_Flow\">Normal Flow</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Flexbox\">Flexbox</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Grids\">Grids</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Floats\">Floats</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Positioning\">Positioning</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Multiple-column_Layout\">Multiple-column layout</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Responsive_Design\">Responsive design</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Media_queries\">Beginner's guide to media queries</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Legacy_Layout_Methods\">Legacy layout methods</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Supporting_Older_Browsers\">Supporting older browsers</a></li><li><a href=\"/en-US/docs/Learn/CSS/CSS_layout/Fundamental_Layout_Comprehension\">Fundamental layout comprehension</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/JavaScript\">JavaScript — Dynamic client-side scripting</a></li><li><details><summary>JavaScript first 
steps</summary><ol><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps\">JavaScript first steps</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps/What_is_JavaScript\">What is JavaScript?</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps/A_first_splash\">A first splash into JavaScript</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps/What_went_wrong\">What went wrong? Troubleshooting JavaScript</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps/Variables\">Storing the information you need — Variables</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps/Math\">Basic math in JavaScript — numbers and operators</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps/Strings\">Handling text — strings in JavaScript</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps/Useful_string_methods\">Useful string methods</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps/Arrays\">Arrays</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/First_steps/Silly_story_generator\">Silly story generator</a></li></ol></details></li><li><details><summary>JavaScript building blocks</summary><ol><li><a href=\"/en-US/docs/Learn/JavaScript/Building_blocks\">JavaScript building blocks</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Building_blocks/conditionals\">Making decisions in your code — conditionals</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Building_blocks/Looping_code\">Looping code</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Building_blocks/Functions\">Functions — reusable blocks of code</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Building_blocks/Build_your_own_function\">Build your own function</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Building_blocks/Return_values\">Function return values</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Building_blocks/Events\">Introduction to events</a></li><li><a 
href=\"/en-US/docs/Learn/JavaScript/Building_blocks/Event_bubbling\">Event bubbling</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Building_blocks/Image_gallery\">Image gallery</a></li></ol></details></li><li><details><summary>Introducing JavaScript objects</summary><ol><li><a href=\"/en-US/docs/Learn/JavaScript/Objects\">Introducing JavaScript objects</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Objects/Basics\">JavaScript object basics</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Objects/Object_prototypes\">Object prototypes</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Objects/Object-oriented_programming\">Object-oriented programming</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Objects/Classes_in_JavaScript\">Classes in JavaScript</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Objects/JSON\">Working with JSON</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Objects/Object_building_practice\">Object building practice</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Objects/Adding_bouncing_balls_features\">Adding features to our bouncing balls demo</a></li></ol></details></li><li><details><summary>Asynchronous JavaScript</summary><ol><li><a href=\"/en-US/docs/Learn/JavaScript/Asynchronous\">Asynchronous JavaScript</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Asynchronous/Introducing\">Introducing asynchronous JavaScript</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Asynchronous/Promises\">How to use promises</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Asynchronous/Implementing_a_promise-based_API\">How to implement a promise-based API</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Asynchronous/Introducing_workers\">Introducing workers</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Asynchronous/Sequencing_animations\">Sequencing animations</a></li></ol></details></li><li><details><summary>Client-side web APIs</summary><ol><li><a href=\"/en-US/docs/Learn/JavaScript/Client-side_web_APIs\">Client-side web 
APIs</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Client-side_web_APIs/Introduction\">Introduction to web APIs</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Client-side_web_APIs/Manipulating_documents\">Manipulating documents</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Client-side_web_APIs/Fetching_data\">Fetching data from the server</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Client-side_web_APIs/Third_party_APIs\">Third-party APIs</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Client-side_web_APIs/Drawing_graphics\">Drawing graphics</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Client-side_web_APIs/Video_and_audio_APIs\">Video and Audio APIs</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Client-side_web_APIs/Client-side_storage\">Client-side storage</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/Forms\">Web forms — Working with user data</a></li><li><details><summary>Web form building blocks</summary><ol><li><a href=\"/en-US/docs/Learn/Forms\">Web form building blocks</a></li><li><a href=\"/en-US/docs/Learn/Forms/Your_first_form\">Your first form</a></li><li><a href=\"/en-US/docs/Learn/Forms/How_to_structure_a_web_form\">How to structure a web form</a></li><li><a href=\"/en-US/docs/Learn/Forms/Basic_native_form_controls\">Basic native form controls</a></li><li><a href=\"/en-US/docs/Learn/Forms/HTML5_input_types\">The HTML5 input types</a></li><li><a href=\"/en-US/docs/Learn/Forms/Other_form_controls\">Other form controls</a></li><li><a href=\"/en-US/docs/Learn/Forms/Styling_web_forms\">Styling web forms</a></li><li><a href=\"/en-US/docs/Learn/Forms/Advanced_form_styling\">Advanced form styling</a></li><li><a href=\"/en-US/docs/Learn/Forms/UI_pseudo-classes\">UI pseudo-classes</a></li><li><a href=\"/en-US/docs/Learn/Forms/Form_validation\">Client-side form validation</a></li><li><a href=\"/en-US/docs/Learn/Forms/Sending_and_retrieving_form_data\">Sending form 
data</a></li></ol></details></li><li><details><summary>Advanced web form techniques</summary><ol><li><a href=\"/en-US/docs/Learn/Forms/How_to_build_custom_form_controls\">How to build custom form controls</a></li><li><a href=\"/en-US/docs/Learn/Forms/Sending_forms_through_JavaScript\">Sending forms through JavaScript</a></li><li><a href=\"/en-US/docs/Learn/Forms/Property_compatibility_table_for_form_controls\">CSS property compatibility table for form controls</a></li><li><a href=\"/en-US/docs/Learn/Forms/HTML_forms_in_legacy_browsers\">HTML forms in legacy browsers</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/Accessibility\">Accessibility — Make the web usable by everyone</a></li><li><details><summary>Accessibility guides</summary><ol><li><a href=\"/en-US/docs/Learn/Accessibility\">Accessibility</a></li><li><a href=\"/en-US/docs/Learn/Accessibility/What_is_accessibility\">What is accessibility?</a></li><li><a href=\"/en-US/docs/Learn/Accessibility/HTML\">HTML: A good basis for accessibility</a></li><li><a href=\"/en-US/docs/Learn/Accessibility/CSS_and_JavaScript\">CSS and JavaScript accessibility best practices</a></li><li><a href=\"/en-US/docs/Learn/Accessibility/WAI-ARIA_basics\">WAI-ARIA basics</a></li><li><a href=\"/en-US/docs/Learn/Accessibility/Multimedia\">Accessible multimedia</a></li><li><a href=\"/en-US/docs/Learn/Accessibility/Mobile\">Mobile accessibility</a></li><li><a href=\"/en-US/docs/Learn/Accessibility/Accessibility_troubleshooting\">Assessment: Accessibility troubleshooting</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/Performance\">Performance — Making websites fast and responsive</a></li><li><details><summary>Performance guides</summary><ol><li><a href=\"/en-US/docs/Learn/Performance\">Web performance</a></li><li><a href=\"/en-US/docs/Learn/Performance/why_web_performance\">The \"why\" of web performance</a></li><li><a 
href=\"/en-US/docs/Learn/Performance/What_is_web_performance\">What is web performance?</a></li><li><a href=\"/en-US/docs/Learn/Performance/Perceived_performance\">Perceived performance</a></li><li><a href=\"/en-US/docs/Learn/Performance/Measuring_performance\">Measuring performance</a></li><li><a href=\"/en-US/docs/Learn/Performance/Multimedia\">Multimedia: Images</a></li><li><a href=\"/en-US/docs/Learn/Performance/video\">Multimedia: video</a></li><li><a href=\"/en-US/docs/Learn/Performance/JavaScript\">JavaScript performance optimization</a></li><li><a href=\"/en-US/docs/Learn/Performance/HTML\">HTML performance optimization</a></li><li><a href=\"/en-US/docs/Learn/Performance/CSS\">CSS performance optimization</a></li><li><a href=\"/en-US/docs/Learn/Performance/business_case_for_performance\">The business case for web performance</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/MathML\">MathML — Writing mathematics with MathML</a></li><li><details><summary>MathML first steps</summary><ol><li><a href=\"/en-US/docs/Learn/MathML/First_steps\">MathML first steps</a></li><li><a href=\"/en-US/docs/Learn/MathML/First_steps/Getting_started\">Getting started with MathML</a></li><li><a href=\"/en-US/docs/Learn/MathML/First_steps/Text_containers\">MathML Text Containers</a></li><li><a href=\"/en-US/docs/Learn/MathML/First_steps/Fractions_and_roots\">MathML fractions and roots</a></li><li><a href=\"/en-US/docs/Learn/MathML/First_steps/Scripts\">MathML scripted elements</a></li><li><a href=\"/en-US/docs/Learn/MathML/First_steps/Tables\">MathML tables</a></li><li><a href=\"/en-US/docs/Learn/MathML/First_steps/Three_famous_mathematical_formulas\">Three famous mathematical formulas</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/../Games\">Games — Developing games for the web</a></li><li><details><summary>Guides and tutorials</summary><ol><li><a href=\"/en-US/docs/Games/Introduction\">Introduction to game development 
for the Web</a></li><li><a href=\"/en-US/docs/Games/Techniques\">Techniques for game development</a></li><li><a href=\"/en-US/docs/Games/Tutorials\">Tutorials</a></li><li><a href=\"/en-US/docs/Games/Publishing_games\">Publishing games</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/Tools_and_testing\">Tools and testing</a></li><li><details><summary>Client-side web development tools</summary><ol><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Understanding_client-side_tools\">Understanding client-side web development tools</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Understanding_client-side_tools/Overview\">Client-side tooling overview</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Understanding_client-side_tools/Command_line\">Command line crash course</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Understanding_client-side_tools/Package_management\">Package management basics</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Understanding_client-side_tools/Introducing_complete_toolchain\">Introducing a complete toolchain</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Understanding_client-side_tools/Deployment\">Deploying our app</a></li></ol></details></li><li><details><summary>Introduction to client-side frameworks</summary><ol><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Introduction\">Introduction to client-side frameworks</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Main_features\">Framework main features</a></li></ol></details></li><li><details><summary>React</summary><ol><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/React_getting_started\">Getting started with React</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/React_todo_list_beginning\">Beginning our React todo list</a></li><li><a 
href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/React_components\">Componentizing our React app</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/React_interactivity_events_state\">React interactivity: Events and state</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/React_interactivity_filtering_conditional_rendering\">React interactivity: Editing, filtering, conditional rendering</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/React_accessibility\">Accessibility in React</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/React_resources\">React resources</a></li></ol></details></li><li><details><summary>Ember</summary><ol><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Ember_getting_started\">Getting started with Ember</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Ember_structure_componentization\">Ember app structure and componentization</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Ember_interactivity_events_state\">Ember interactivity: Events, classes and state</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Ember_conditional_footer\">Ember Interactivity: Footer functionality, conditional rendering</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Ember_routing\">Routing in Ember</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Ember_resources\">Ember resources and troubleshooting</a></li></ol></details></li><li><details><summary>Vue</summary><ol><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Vue_getting_started\">Getting started with Vue</a></li><li><a 
href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Vue_first_component\">Creating our first Vue component</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Vue_rendering_lists\">Rendering a list of Vue components</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Vue_methods_events_models\">Adding a new todo form: Vue events, methods, and models</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Vue_styling\">Styling Vue components with CSS</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Vue_computed_properties\">Using Vue computed properties</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Vue_conditional_rendering\">Vue conditional rendering: editing existing todos</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Vue_refs_focus_management\">Vue refs and lifecycle methods for focus management</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Vue_resources\">Vue resources</a></li></ol></details></li><li><details><summary>Svelte</summary><ol><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Svelte_getting_started\">Getting started with Svelte</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Svelte_Todo_list_beginning\">Starting our Svelte to-do list app</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Svelte_variables_props\">Dynamic behavior in Svelte: working with variables and props</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Svelte_components\">Componentizing our Svelte app</a></li><li><a 
href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Svelte_reactivity_lifecycle_accessibility\">Advanced Svelte: Reactivity, lifecycle, accessibility</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Svelte_stores\">Working with Svelte stores</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Svelte_TypeScript\">TypeScript support in Svelte</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Svelte_deployment_next\">Deployment and next steps</a></li></ol></details></li><li><details><summary>Angular</summary><ol><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Angular_getting_started\">Getting started with Angular</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Angular_todo_list_beginning\">Beginning our Angular todo list app</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Angular_styling\">Styling our Angular app</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Angular_item_component\">Creating an item component</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Angular_filtering\">Filtering our to-do items</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Client-side_JavaScript_frameworks/Angular_building\">Building Angular applications and further resources</a></li></ol></details></li><li><details><summary>Git and GitHub</summary><ol><li><a href=\"/en-US/docs/Learn/Tools_and_testing/GitHub\">Git and GitHub</a></li></ol></details></li><li><details><summary>Cross browser testing</summary><ol><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing\">Cross browser testing</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Introduction\">Introduction to cross-browser 
testing</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Testing_strategies\">Strategies for carrying out testing</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/HTML_and_CSS\">Handling common HTML and CSS problems</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/JavaScript\">Handling common JavaScript problems</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility\">Handling common accessibility problems</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Feature_detection\">Implementing feature detection</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Automated_testing\">Introduction to automated testing</a></li><li><a href=\"/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Your_own_automation_environment\">Setting up your own test automation environment</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/Server-side\">Server-side website programming</a></li><li><details><summary>First steps</summary><ol><li><a href=\"/en-US/docs/Learn/Server-side/First_steps\">Server-side website programming first steps</a></li><li><a href=\"/en-US/docs/Learn/Server-side/First_steps/Introduction\">Introduction to the server side</a></li><li><a href=\"/en-US/docs/Learn/Server-side/First_steps/Client-Server_overview\">Client-Server Overview</a></li><li><a href=\"/en-US/docs/Learn/Server-side/First_steps/Web_frameworks\">Server-side web frameworks</a></li><li><a href=\"/en-US/docs/Learn/Server-side/First_steps/Website_security\">Website security</a></li></ol></details></li><li><details open=\"\"><summary>Django web framework (Python)</summary><ol><li><a href=\"/en-US/docs/Learn/Server-side/Django\">Django Web Framework (Python)</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Introduction\">Django introduction</a></li><li><a 
href=\"/en-US/docs/Learn/Server-side/Django/development_environment\">Setting up a Django development environment</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Tutorial_local_library_website\">Django Tutorial: The Local Library website</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/skeleton_website\">Django Tutorial Part 2: Creating a skeleton website</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Models\">Django Tutorial Part 3: Using models</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Admin_site\">Django Tutorial Part 4: Django admin site</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Home_page\">Django Tutorial Part 5: Creating our home page</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Generic_views\">Django Tutorial Part 6: Generic list and detail views</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Sessions\">Django Tutorial Part 7: Sessions framework</a></li><li><em><a href=\"/en-US/docs/Learn/Server-side/Django/Authentication\" aria-current=\"page\">Django Tutorial Part 8: User authentication and permissions</a></em></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Forms\">Django Tutorial Part 9: Working with forms</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Testing\">Django Tutorial Part 10: Testing a Django web application</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/Deployment\">Django Tutorial Part 11: Deploying Django to production</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/web_application_security\">Django web application security</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Django/django_assessment_blog\">Assessment: DIY Django mini blog</a></li></ol></details></li><li><details><summary>Express Web Framework (Node.js/JavaScript)</summary><ol><li><a href=\"/en-US/docs/Learn/Server-side/Express_Nodejs\">Express web framework (Node.js/JavaScript)</a></li><li><a 
href=\"/en-US/docs/Learn/Server-side/Express_Nodejs/Introduction\">Express/Node introduction</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Express_Nodejs/development_environment\">Setting up a Node development environment</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Express_Nodejs/Tutorial_local_library_website\">Express Tutorial: The Local Library website</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Express_Nodejs/skeleton_website\">Express Tutorial Part 2: Creating a skeleton website</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Express_Nodejs/mongoose\">Express Tutorial Part 3: Using a Database (with Mongoose)</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Express_Nodejs/routes\">Express Tutorial Part 4: Routes and controllers</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Express_Nodejs/Displaying_data\">Express Tutorial Part 5: Displaying library data</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Express_Nodejs/forms\">Express Tutorial Part 6: Working with forms</a></li><li><a href=\"/en-US/docs/Learn/Server-side/Express_Nodejs/deployment\">Express Tutorial Part 7: Deploying to production</a></li></ol></details></li><li class=\"section\"><a href=\"/en-US/docs/Learn/Common_questions\">Further resources</a></li><li><details><summary>Common questions</summary><ol><li><a href=\"/en-US/docs/Learn/Common_questions\">Common questions</a></li><li><a href=\"/en-US/docs/Learn/HTML/Howto\">Use HTML to solve common problems</a></li><li><a href=\"/en-US/docs/Learn/CSS/Howto\">Use CSS to solve common problems</a></li><li><a href=\"/en-US/docs/Learn/JavaScript/Howto\">Solve common problems in your JavaScript code</a></li><li><a href=\"/en-US/docs/Learn/Common_questions/Web_mechanics\">Web mechanics</a></li><li><a href=\"/en-US/docs/Learn/Common_questions/Tools_and_setup\">Tools and setup</a></li><li><a href=\"/en-US/docs/Learn/Common_questions/Design_and_accessibility\">Design and 
accessibility</a></li></ol></details></li></ol>","sidebarMacro":"LearnSidebar","body":[{"type":"prose","value":{"id":null,"title":null,"isH3":false,"content":"<ul class=\"prev-next\">\n <li><a class=\"button secondary\" href=\"/en-US/docs/Learn/Server-side/Django/Sessions\"><span class=\"button-wrap\"> Previous </span></a></li>\n <li><a class=\"button secondary\" href=\"/en-US/docs/Learn/Server-side/Django\"><span class=\"button-wrap\"> Overview: Django Web Framework (Python)</span></a></li>\n <li><a class=\"button secondary\" href=\"/en-US/docs/Learn/Server-side/Django/Forms\"><span class=\"button-wrap\"> Next </span></a></li>\n</ul>\n<p>In this tutorial, we'll show you how to allow users to log in to your site with their own accounts, and how to control what they can do and see based on whether or not they are logged in and their <em>permissions</em>. As part of this demonstration, we'll extend the <a href=\"/en-US/docs/Learn/Server-side/Django/Tutorial_local_library_website\">LocalLibrary</a> website, adding login and logout pages, and user- and staff-specific pages for viewing books that have been borrowed.</p>\n<figure class=\"table-container\"><table>\n <tbody>\n <tr>\n <th scope=\"row\">Prerequisites:</th>\n <td>Complete all previous tutorial topics, up to and including <a href=\"/en-US/docs/Learn/Server-side/Django/Sessions\">Django Tutorial Part 7: Sessions framework</a>.</td>\n </tr>\n <tr>\n <th scope=\"row\">Objective:</th>\n <td>To understand how to set up and use user authentication and permissions.</td>\n </tr>\n </tbody>\n</table></figure>"}},{"type":"prose","value":{"id":"overview","title":"Overview","isH3":false,"content":"<p>Django provides an authentication and authorization (\"permission\") system, built on top of the session framework discussed in the <a href=\"/en-US/docs/Learn/Server-side/Django/Sessions\">previous tutorial</a>, that allows you to verify user credentials and define what actions each user is allowed to perform. 
The framework includes built-in models for <code>Users</code> and <code>Groups</code> (a generic way of applying permissions to more than one user at a time), permissions/flags that designate whether a user may perform a task, forms and views for logging in users, and view tools for restricting content.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> According to Django, the authentication system aims to be very generic, and so does not provide some features provided in other web authentication systems. Solutions for some common problems, such as <a href=\"/en-US/docs/Glossary/Throttle\">throttling</a> of login attempts and authentication against third parties (e.g. OAuth), are available as third-party packages.</p>\n</div>\n<p>In this tutorial, we'll show you how to enable user authentication in the <a href=\"/en-US/docs/Learn/Server-side/Django/Tutorial_local_library_website\">LocalLibrary</a> website, create your own login and logout pages, add permissions to your models, and control access to pages. We'll use the authentication/permissions to display lists of books that have been borrowed for both users and librarians.</p>\n<p>The authentication system is very flexible, and you can build up your URLs, forms, views, and templates from scratch if you like, just calling the provided API to log in the user. However, in this article, we're going to use Django's \"stock\" authentication views and forms for our login and logout pages. 
We'll still need to create some templates, but that's pretty easy.</p>\n<p>We'll also show you how to create permissions, and check on login status and permissions in both views and templates.</p>"}},{"type":"prose","value":{"id":"enabling_authentication","title":"Enabling authentication","isH3":false,"content":"<p>Authentication was enabled automatically when we <a href=\"/en-US/docs/Learn/Server-side/Django/skeleton_website\">created the skeleton website</a> (in tutorial 2) so you don't need to do anything more at this point.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> The necessary configuration was all done for us when we created the app using the <code>django-admin startproject</code> command. The database tables for users and model permissions were created when we first called <code>python manage.py migrate</code>.</p>\n</div>\n<p>The configuration is set up in the <code>INSTALLED_APPS</code> and <code>MIDDLEWARE</code> sections of the project file (<strong>django-locallibrary-tutorial/locallibrary/settings.py</strong>), as shown below:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>INSTALLED_APPS = [\n    # …\n    'django.contrib.auth',  # Core authentication framework and its default models.\n    'django.contrib.contenttypes',  # Django content type system (allows permissions to be associated with models).\n    # …\n]\n\nMIDDLEWARE = [\n    # …\n    'django.contrib.sessions.middleware.SessionMiddleware',  # Manages sessions across requests\n    # …\n    'django.contrib.auth.middleware.AuthenticationMiddleware',  # Associates users with requests using sessions (must be listed after SessionMiddleware).\n    # …\n]\n</code></pre></div>"}},{"type":"prose","value":{"id":"creating_users_and_groups","title":"Creating users and groups","isH3":false,"content":"<p>\n You already created your first user when we looked at the <a href=\"/en-US/docs/Learn/Server-side/Django/Admin_site\">Django admin site</a> in 
tutorial 4 (this was a superuser, created with the command <code>python manage.py createsuperuser</code>).\n Our superuser is already authenticated and has all permissions, so we'll need to create a test user to represent a normal site user. We'll be using the admin site to create our <em>locallibrary</em> groups and website logins, as it is one of the quickest ways to do so.\n</p>\n<div class=\"notecard note\">\n <p>\n <strong>Note:</strong> You can also create users programmatically as shown below.\n You would have to do this, for example, if developing an interface to allow \"ordinary\" users to create their own logins (you shouldn't give most users access to the admin site).\n </p>\n <div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from django.contrib.auth.models import User\n\n# Create user and save to the database\nuser = User.objects.create_user('myusername', 'myemail@crazymail.com', 'mypassword')\n\n# Update fields and then save again\nuser.first_name = 'Tyrone'\nuser.last_name = 'Citizen'\nuser.save()\n</code></pre></div>\n <p>\n Note however that it is highly recommended to set up a <em>custom user model</em> when starting a project, as you'll be able to easily customize it in the future if the need arises.\n If using a custom user model the code to create the same user would look like this:\n </p>\n <div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code># Get current user model from settings\nfrom django.contrib.auth import get_user_model\nUser = get_user_model()\n\n# Create user from model and save to the database\nuser = User.objects.create_user('myusername', 'myemail@crazymail.com', 'mypassword')\n\n# Update fields and then save again\nuser.first_name = 'Tyrone'\nuser.last_name = 'Citizen'\nuser.save()\n</code></pre></div>\n <p>For more information, 
see <a href=\"https://docs.djangoproject.com/en/5.0/topics/auth/customizing/#using-a-custom-user-model-when-starting-a-project\" class=\"external\" target=\"_blank\">Using a custom user model when starting a project</a> (Django docs).</p>\n</div>\n<p>Below we'll first create a group and then a user. Even though we don't have any permissions to add for our library members yet, if we need to later, it will be much easier to add them once to the group than individually to each member.</p>\n<p>Start the development server and navigate to the admin site in your local web browser (<code>http://127.0.0.1:8000/admin/</code>). Log in to the site using the credentials for your superuser account. The top level of the Admin site displays all of your models, sorted by \"Django application\". From the <strong>Authentication and Authorization</strong> section, you can click the <strong>Users</strong> or <strong>Groups</strong> links to see their existing records.</p>\n<p>\n <img src=\"/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_add.png\" alt=\"Admin site - add groups or users\" width=\"661\" height=\"364\" loading=\"lazy\">\n</p>\n<p>First, let's create a new group for our library members.</p>\n<ol>\n <li>\n Click the <strong>Add</strong> button (next to Group) to create a new <em>Group</em>; enter the <strong>Name</strong> \"Library Members\" for the group.\n \n <img src=\"/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_add_group.png\" alt=\"Admin site - add group\" width=\"966\" height=\"677\" loading=\"lazy\">\n </li>\n <li>We don't need any permissions for the group, so just press <strong>SAVE</strong> (you will be taken to a list of groups).</li>\n</ol>\n<p>Now let's create a user:</p>\n<ol>\n <li>\n <p>Navigate back to the home page of the admin site.</p>\n </li>\n <li>\n <p>\n Click the <strong>Add</strong> button next to <em>Users</em> to open the <em>Add user</em> dialog box.\n \n <img 
src=\"/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_add_user_prt1.png\" alt=\"Admin site - add user pt1\" width=\"956\" height=\"489\" loading=\"lazy\">\n </p>\n </li>\n <li>\n <p>Enter an appropriate <strong>Username</strong> and <strong>Password</strong>/<strong>Password confirmation</strong> for your test user.</p>\n </li>\n <li>\n <p>Press <strong>SAVE</strong> to create the user.</p>\n <p>\n The admin site will create the new user and immediately take you to a <em>Change user</em> screen where you can change your <strong>username</strong> and add information for the User model's optional fields. These fields include the first name, last name, email address, and the user's status and permissions (only the <strong>Active</strong> flag should be set). Further down you can specify the user's groups and permissions, and see important dates related to the user (e.g. their join date and last login date).\n \n <img src=\"/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_add_user_prt2.png\" alt=\"Admin site - add user pt2\" width=\"992\" height=\"788\" loading=\"lazy\">\n </p>\n </li>\n <li>\n <p>\n In the <em>Groups</em> section, select the <strong>Library Members</strong> group from the list of <em>Available groups</em>, and then press the <strong>right-arrow</strong> between the boxes to move it into the <em>Chosen groups</em> box.\n \n <img src=\"/en-US/docs/Learn/Server-side/Django/Authentication/admin_authentication_user_add_group.png\" alt=\"Admin site - add user to group\" width=\"933\" height=\"414\" loading=\"lazy\">\n </p>\n </li>\n <li>\n <p>We don't need to do anything else here, so just select <strong>SAVE</strong> again, to go to the list of users.</p>\n </li>\n</ol>\n<p>That's it! 
Now you have a \"normal library member\" account that you will be able to use for testing (once we've implemented the pages to enable them to log in).</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> You should try creating another library member user. Also, create a group for Librarians, and add a user to that too!</p>\n</div>"}},{"type":"prose","value":{"id":"setting_up_your_authentication_views","title":"Setting up your authentication views","isH3":false,"content":"<p>Django provides almost everything you need to create authentication pages to handle login, logout, and password management \"out of the box\". This includes a URL mapper, views and forms, but it does not include the templates — we have to create our own!</p>\n<p>In this section, we show how to integrate the default system into the <em>LocalLibrary</em> website and create the templates. We'll put them in the main project URLs.</p>\n<div class=\"notecard note\">\n <p>\n <strong>Note:</strong> You don't have to use any of this code, but it is likely that you'll want to because it makes things a lot easier.\n You'll almost certainly need to change the form handling code if you change your user model, but even so, you would still be able to use the stock view functions.\n </p>\n</div>\n<div class=\"notecard note\">\n <p>\n <strong>Note:</strong> In this case, we could reasonably put the authentication pages, including the URLs and templates, inside our catalog application.\n However, if we had multiple applications it would be better to separate out this shared login behavior and have it available across the whole site, so that is what we've shown here!\n </p>\n</div>"}},{"type":"prose","value":{"id":"project_urls","title":"Project URLs","isH3":true,"content":"<p>Add the following to the bottom of the project urls.py file (<strong>django-locallibrary-tutorial/locallibrary/urls.py</strong>):</p>\n<div class=\"code-example\"><div class=\"example-header\"><span 
class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code># Add Django site authentication urls (for login, logout, password management)\n\nurlpatterns += [\n path('accounts/', include('django.contrib.auth.urls')),\n]\n</code></pre></div>\n<p>\n Navigate to the <code>http://127.0.0.1:8000/accounts/</code> URL (note the trailing forward slash!).\n Django will show an error that it could not find a mapping for this URL, and list all the URLs that it tried.\n From this you can see the URLs that will work once we have created templates.\n</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> Adding the <code>accounts/</code> path as shown above adds the following URLs, along with names (given in square brackets) that can be used to reverse the URL mappings. You don't have to implement anything else — the above URL mapping automatically maps the below mentioned URLs.</p>\n <div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>accounts/ login/ [name='login']\naccounts/ logout/ [name='logout']\naccounts/ password_change/ [name='password_change']\naccounts/ password_change/done/ [name='password_change_done']\naccounts/ password_reset/ [name='password_reset']\naccounts/ password_reset/done/ [name='password_reset_done']\naccounts/ reset/&lt;uidb64&gt;/&lt;token&gt;/ [name='password_reset_confirm']\naccounts/ reset/done/ [name='password_reset_complete']\n</code></pre></div>\n</div>\n<p>\n Now try to navigate to the login URL (<code>http://127.0.0.1:8000/accounts/login/</code>). 
This will fail again, but with an error that tells you that we're missing the required template (<strong>registration/login.html</strong>) on the template search path.\n You'll see the following lines listed in the yellow section at the top:\n</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>Exception Type: TemplateDoesNotExist\nException Value: registration/login.html\n</code></pre></div>\n<p>The next step is to create a directory for the templates named \"registration\" and then add the <strong>login.html</strong> file.</p>"}},{"type":"prose","value":{"id":"template_directory","title":"Template directory","isH3":true,"content":"<p>The URLs (and implicitly, views) that we just added expect to find their associated templates in a directory <strong>/registration/</strong> somewhere in the templates search path.</p>\n<p>For this site, we'll put our HTML pages in the <strong>templates/registration/</strong> directory. This directory should be in your project root directory, that is, the same directory as the <strong>catalog</strong> and <strong>locallibrary</strong> folders. 
Please create these folders now.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> Your folder structure should now look like the below:</p>\n <pre class=\"brush: plain notranslate\">django-locallibrary-tutorial/ # Django top level project folder\n catalog/\n locallibrary/\n templates/\n registration/\n</pre>\n</div>\n<p>\n To make the <strong>templates</strong> directory visible to the template loader we need to add it in the template search path.\n Open the project settings (<strong>/django-locallibrary-tutorial/locallibrary/settings.py</strong>).\n</p>\n<p>Then import the <code>os</code> module (add the following line near the top of the file if it isn't already present).</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>import os # needed by code below\n</code></pre></div>\n<p>Update the <code>TEMPLATES</code> section's <code>'DIRS'</code> line as shown:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code> # …\n TEMPLATES = [\n {\n # …\n 'DIRS': [os.path.join(BASE_DIR, 'templates')],\n 'APP_DIRS': True,\n # …\n</code></pre></div>"}},{"type":"prose","value":{"id":"login_template","title":"Login template","isH3":true,"content":"<div class=\"notecard warning\">\n <p><strong>Warning:</strong> The authentication templates provided in this article are a very basic/slightly modified version of the Django demonstration login templates. 
You may need to customize them for your own use!</p>\n</div>\n<p>Create a new HTML file called /<strong>django-locallibrary-tutorial/templates/registration/login.html</strong> and give it the following contents:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code>{% extends \"base_generic.html\" %}\n\n{% block content %}\n\n {% if form.errors %}\n &lt;p&gt;Your username and password didn't match. Please try again.&lt;/p&gt;\n {% endif %}\n\n {% if next %}\n {% if user.is_authenticated %}\n &lt;p&gt;Your account doesn't have access to this page. To proceed,\n please login with an account that has access.&lt;/p&gt;\n {% else %}\n &lt;p&gt;Please login to see this page.&lt;/p&gt;\n {% endif %}\n {% endif %}\n\n &lt;form method=\"post\" action=\"{% url 'login' %}\"&gt;\n {% csrf_token %}\n &lt;table&gt;\n &lt;tr&gt;\n &lt;td&gt;{{ form.username.label_tag }}&lt;/td&gt;\n &lt;td&gt;{{ form.username }}&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;{{ form.password.label_tag }}&lt;/td&gt;\n &lt;td&gt;{{ form.password }}&lt;/td&gt;\n &lt;/tr&gt;\n &lt;/table&gt;\n &lt;input type=\"submit\" value=\"login\"&gt;\n &lt;input type=\"hidden\" name=\"next\" value=\"{{ next }}\"&gt;\n &lt;/form&gt;\n\n {# Assumes you set up the password_reset view in your URLconf #}\n &lt;p&gt;&lt;a href=\"{% url 'password_reset' %}\"&gt;Lost password?&lt;/a&gt;&lt;/p&gt;\n\n{% endblock %}\n</code></pre></div>\n<p>This template shares some similarities with the ones we've seen before — it extends our base template and overrides the <code>content</code> block. The rest of the code is fairly standard form handling code, which we will discuss in a later tutorial. 
All you need to know for now is that this will display a form in which you can enter your username and password, and that if you enter invalid values you will be prompted to enter correct values when the page refreshes.</p>\n<p>Navigate back to the login page (<code>http://127.0.0.1:8000/accounts/login/</code>) once you've saved your template, and you should see something like this:</p>\n<p>\n <img src=\"/en-US/docs/Learn/Server-side/Django/Authentication/library_login.png\" alt=\"Library login page v1\" width=\"441\" height=\"173\" loading=\"lazy\">\n</p>\n<p>If you log in using valid credentials, you'll be redirected to another page (by default this will be <code>http://127.0.0.1:8000/accounts/profile/</code>). The problem is that, by default, Django expects that upon logging in you will want to be taken to a profile page, which may or may not be the case. As you haven't defined this page yet, you'll get another error!</p>\n<p>Open the project settings (<strong>/django-locallibrary-tutorial/locallibrary/settings.py</strong>) and add the text below to the bottom. Now when you log in you should be redirected to the site homepage by default.</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code># Redirect to home URL after login (Default redirects to /accounts/profile/)\nLOGIN_REDIRECT_URL = '/'\n</code></pre></div>"}},{"type":"prose","value":{"id":"logout_template","title":"Logout template","isH3":true,"content":"<p>\n If you navigate to the logout URL (<code>http://127.0.0.1:8000/accounts/logout/</code>) then you'll get an error because Django 5 does not allow logout using <code>GET</code>, only <code>POST</code>.\n We'll add a form you can use to logout in a minute, but first we'll create the page that users are taken to after logging out.\n</p>\n<p>Create and open <strong>/django-locallibrary-tutorial/templates/registration/logged_out.html</strong>. 
Copy in the text below:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code>{% extends \"base_generic.html\" %}\n\n{% block content %}\n &lt;p&gt;Logged out!&lt;/p&gt;\n &lt;a href=\"{% url 'login'%}\"&gt;Click here to login again.&lt;/a&gt;\n{% endblock %}\n</code></pre></div>\n<p>This template is very simple. It just displays a message informing you that you have been logged out, and provides a link that you can press to go back to the login screen. The screen renders like this (after logout):</p>\n<p>\n <img src=\"/en-US/docs/Learn/Server-side/Django/Authentication/library_logout.png\" alt=\"Library logout page v1\" width=\"385\" height=\"169\" loading=\"lazy\">\n</p>"}},{"type":"prose","value":{"id":"password_reset_templates","title":"Password reset templates","isH3":true,"content":"<p>The default password reset system uses email to send the user a reset link. You need to create forms to get the user's email address, send the email, allow them to enter a new password, and to note when the whole process is complete.</p>\n<p>The following templates can be used as a starting point.</p>\n<h4 id=\"password_reset_form\">Password reset form</h4>\n<p>This is the form used to get the user's email address (for sending the password reset email). 
Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_form.html</strong>, and give it the following contents:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code>{% extends \"base_generic.html\" %}\n\n{% block content %}\n &lt;form action=\"\" method=\"post\"&gt;\n {% csrf_token %}\n {% if form.email.errors %}\n {{ form.email.errors }}\n {% endif %}\n &lt;p&gt;{{ form.email }}&lt;/p&gt;\n &lt;input type=\"submit\" class=\"btn btn-default btn-lg\" value=\"Reset password\"&gt;\n &lt;/form&gt;\n{% endblock %}\n</code></pre></div>\n<h4 id=\"password_reset_done\">Password reset done</h4>\n<p>This form is displayed after your email address has been collected. Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_done.html</strong>, and give it the following contents:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code>{% extends \"base_generic.html\" %}\n\n{% block content %}\n &lt;p&gt;We've emailed you instructions for setting your password. If they haven't arrived in a few minutes, check your spam folder.&lt;/p&gt;\n{% endblock %}\n</code></pre></div>\n<h4 id=\"password_reset_email\">Password reset email</h4>\n<p>This template provides the text of the HTML email containing the reset link that we will send to users. Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_email.html</strong>, and give it the following contents:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code>Someone asked for password reset for email {{ email }}. 
Follow the link below:\n{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}\n</code></pre></div>\n<h4 id=\"password_reset_confirm\">Password reset confirm</h4>\n<p>This page is where you enter your new password after clicking the link in the password reset email. Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_confirm.html</strong>, and give it the following contents:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code>{% extends \"base_generic.html\" %}\n\n{% block content %}\n {% if validlink %}\n &lt;p&gt;Please enter (and confirm) your new password.&lt;/p&gt;\n &lt;form action=\"\" method=\"post\"&gt;\n {% csrf_token %}\n &lt;table&gt;\n &lt;tr&gt;\n &lt;td&gt;{{ form.new_password1.errors }}\n &lt;label for=\"id_new_password1\"&gt;New password:&lt;/label&gt;&lt;/td&gt;\n &lt;td&gt;{{ form.new_password1 }}&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;{{ form.new_password2.errors }}\n &lt;label for=\"id_new_password2\"&gt;Confirm password:&lt;/label&gt;&lt;/td&gt;\n &lt;td&gt;{{ form.new_password2 }}&lt;/td&gt;\n &lt;/tr&gt;\n &lt;tr&gt;\n &lt;td&gt;&lt;/td&gt;\n &lt;td&gt;&lt;input type=\"submit\" value=\"Change my password\"&gt;&lt;/td&gt;\n &lt;/tr&gt;\n &lt;/table&gt;\n &lt;/form&gt;\n {% else %}\n &lt;h1&gt;Password reset failed&lt;/h1&gt;\n &lt;p&gt;The password reset link was invalid, possibly because it has already been used. Please request a new password reset.&lt;/p&gt;\n {% endif %}\n{% endblock %}\n</code></pre></div>\n<h4 id=\"password_reset_complete\">Password reset complete</h4>\n<p>This is the last password-reset template, which is displayed to notify you when the password reset has succeeded. 
Create <strong>/django-locallibrary-tutorial/templates/registration/password_reset_complete.html</strong>, and give it the following contents:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code>{% extends \"base_generic.html\" %}\n\n{% block content %}\n &lt;h1&gt;The password has been changed!&lt;/h1&gt;\n &lt;p&gt;&lt;a href=\"{% url 'login' %}\"&gt;log in again?&lt;/a&gt;&lt;/p&gt;\n{% endblock %}\n</code></pre></div>"}},{"type":"prose","value":{"id":"testing_the_new_authentication_pages","title":"Testing the new authentication pages","isH3":true,"content":"<p>Now that you've added the URL configuration and created all these templates, the authentication pages (other than logout) should now just work!</p>\n<p>\n You can test the new authentication pages by first attempting to log in to your superuser account using the URL <code>http://127.0.0.1:8000/accounts/login/</code>.\n You'll be able to test the password reset functionality from the link in the login page. <strong>Be aware that Django will only send reset emails to addresses (users) that are already stored in its database!</strong>\n</p>\n<p>Note that you won't be able to test account logout yet, because logout requests must be sent as a <code>POST</code> rather than a <code>GET</code> request.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> The password reset system requires that your website supports email, which is beyond the scope of this article, so this part <strong>won't work yet</strong>. To allow testing, put the following line at the end of your settings.py file. 
This logs any emails sent to the console (so you can copy the password reset link from the console).</p>\n <div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'\n</code></pre></div>\n <p>For more information, see <a href=\"https://docs.djangoproject.com/en/5.0/topics/email/\" class=\"external\" target=\"_blank\">Sending email</a> (Django docs).</p>\n</div>"}},{"type":"prose","value":{"id":"testing_against_authenticated_users","title":"Testing against authenticated users","isH3":false,"content":"<p>This section looks at what we can do to selectively control content the user sees based on whether they are logged in or not.</p>"}},{"type":"prose","value":{"id":"testing_in_templates","title":"Testing in templates","isH3":true,"content":"<p>You can get information about the currently logged in user in templates with the <code>{{ user }}</code> template variable (this is added to the template context by default when you set up the project as we did in our skeleton).</p>\n<p>Typically you will first test against the <code>{{ user.is_authenticated }}</code> template variable to determine whether the user is eligible to see specific content. 
To demonstrate this, next we'll update our sidebar to display a \"Login\" link if the user is logged out, and a \"Logout\" link if they are logged in.</p>\n<p>Open the base template (<strong>/django-locallibrary-tutorial/catalog/templates/base_generic.html</strong>) and copy the following text into the <code>sidebar</code> block, immediately before the <code>endblock</code> template tag.</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code> &lt;ul class=\"sidebar-nav\"&gt;\n …\n {% if user.is_authenticated %}\n &lt;li&gt;User: {{ user.get_username }}&lt;/li&gt;\n &lt;li&gt;\n &lt;form id=\"logout-form\" method=\"post\" action=\"{% url 'logout' %}\"&gt;\n {% csrf_token %}\n &lt;button type=\"submit\" class=\"btn btn-link\"&gt;Logout&lt;/button&gt;\n &lt;/form&gt;\n &lt;/li&gt;\n {% else %}\n &lt;li&gt;&lt;a href=\"{% url 'login' %}?next={{ request.path }}\"&gt;Login&lt;/a&gt;&lt;/li&gt;\n {% endif %}\n …\n &lt;/ul&gt;\n</code></pre></div>\n<p>As you can see, we use <code>if</code> / <code>else</code> / <code>endif</code> template tags to conditionally display text based on whether <code>{{ user.is_authenticated }}</code> is true. If the user is authenticated then we know that we have a valid user, so we call <code>{{ user.get_username }}</code> to display their name.</p>\n<p>We create the login link URL using the <code>url</code> template tag and the name of the <code>login</code> URL configuration. Note also how we have appended <code>?next={{ request.path }}</code> to the end of the URL. What this does is add a URL parameter <code>next</code> containing the address (URL) of the <em>current</em> page, to the end of the linked URL. 
After the user has successfully logged in, the view will use this <code>next</code> value to redirect the user back to the page where they first clicked the login link.</p>\n<p>\n The logout template code is different, because from Django 5 to logout you must <code>POST</code> to the <code>admin:logout</code> URL, using a form with a button.\n By default this would render as a button, but you can style the button to display as a link.\n For this example we're using <em>Bootstrap</em>, so we make the button look like a link by applying <code>class=\"btn btn-link\"</code>.\n You also need to append the following styles to <strong>/django-locallibrary-tutorial/catalog/static/css/styles.css</strong> in order to correctly position the logout link next to all the other sidebar links:\n</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">css</span></div><pre class=\"brush: css notranslate\"><code>#logout-form {\n display: inline;\n}\n#logout-form button {\n padding: 0;\n margin: 0;\n}\n</code></pre></div>\n<p>\n Try it out by clicking the Login/Logout links in the sidebar.\n You should be taken to the logout/login pages that you defined in the <a href=\"#template_directory\">Template directory</a> above.\n</p>"}},{"type":"prose","value":{"id":"testing_in_views","title":"Testing in views","isH3":true,"content":"<p>If you're using function-based views, the easiest way to restrict access to your functions is to apply the <code>login_required</code> decorator to your view function, as shown below. If the user is logged in then your view code will execute as normal. If the user is not logged in, this will redirect to the login URL defined in the project settings (<code>settings.LOGIN_URL</code>), passing the current absolute path as the <code>next</code> URL parameter. 
If the user succeeds in logging in then they will be returned back to this page, but this time authenticated.</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from django.contrib.auth.decorators import login_required\n\n@login_required\ndef my_view(request):\n # …\n</code></pre></div>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> You can do the same sort of thing manually by testing on <code>request.user.is_authenticated</code>, but the decorator is much more convenient!</p>\n</div>\n<p>Similarly, the easiest way to restrict access to logged-in users in your class-based views is to derive from <code>LoginRequiredMixin</code>. You need to declare this mixin first in the superclass list, before the main view class.</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from django.contrib.auth.mixins import LoginRequiredMixin\n\nclass MyView(LoginRequiredMixin, View):\n # …\n</code></pre></div>\n<p>This has exactly the same redirect behavior as the <code>login_required</code> decorator. 
You can also specify an alternative location to redirect the user to if they are not authenticated (<code>login_url</code>), and a URL parameter name instead of <code>next</code> to insert the current absolute path (<code>redirect_field_name</code>).</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>class MyView(LoginRequiredMixin, View):\n login_url = '/login/'\n redirect_field_name = 'redirect_to'\n</code></pre></div>\n<p>For additional detail, check out the <a href=\"https://docs.djangoproject.com/en/5.0/topics/auth/default/#limiting-access-to-logged-in-users\" class=\"external\" target=\"_blank\">Django docs here</a>.</p>"}},{"type":"prose","value":{"id":"example_—_listing_the_current_users_books","title":"Example — listing the current user's books","isH3":false,"content":"<p>Now that we know how to restrict a page to a particular user, let's create a view of the books that the current user has borrowed.</p>\n<p>Unfortunately, we don't yet have any way for users to borrow books! So before we can create the book list we'll first extend the <code>BookInstance</code> model to support the concept of borrowing and use the Django Admin application to loan a number of books to our test user.</p>"}},{"type":"prose","value":{"id":"models","title":"Models","isH3":true,"content":"<p>First, we're going to have to make it possible for users to have a <code>BookInstance</code> on loan (we already have a <code>status</code> and a <code>due_back</code> date, but we don't yet have any association between this model and a particular user). We'll create one using a <code>ForeignKey</code> (one-to-many) field. 
We also need an easy mechanism to test whether a loaned book is overdue.</p>\n<p>Open <strong>catalog/models.py</strong>, and import the <code>settings</code> from <code>django.conf</code> (add this just below the previous import line at the top of the file, so the settings are available to subsequent code that makes use of them):</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from django.conf import settings\n</code></pre></div>\n<p>\n Next, add the <code>borrower</code> field to the <code>BookInstance</code> model, setting the user model for the key as the value of the setting <code>AUTH_USER_MODEL</code>.\n Since we have not overridden the setting with a <a href=\"https://docs.djangoproject.com/en/5.0/topics/auth/customizing/\" class=\"external\" target=\"_blank\">custom user model</a> this maps to the default <code>User</code> model from <code>django.contrib.auth.models</code>.\n</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>borrower = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.SET_NULL, null=True, blank=True)\n</code></pre></div>\n<div class=\"notecard note\">\n <p>\n <strong>Note:</strong> Importing the model in this way reduces the work required if you later discover that you need a custom user model.\n This tutorial uses the default model, so you could instead import the <code>User</code> model directly with the following lines:\n </p>\n <div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from django.contrib.auth.models import User\n</code></pre></div>\n <div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>borrower = 
models.ForeignKey(User, on_delete=models.SET_NULL, null=True, blank=True)\n</code></pre></div>\n</div>\n<p>\n While we're here, let's add a property that we can call from our templates to tell if a particular book instance is overdue.\n While we could calculate this in the template itself, using a <a href=\"https://docs.python.org/3/library/functions.html#property\" class=\"external\" target=\"_blank\">property</a> as shown below will be much more efficient.\n</p>\n<p>Add this somewhere near the top of the file:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from datetime import date\n</code></pre></div>\n<p>Now add the following property definition to the <code>BookInstance</code> class:</p>\n<div class=\"notecard note\">\n <p>\n <strong>Note:</strong> The following code uses Python's <code>bool()</code> function, which evaluates an object or the resulting object of an expression, and returns <code>True</code> unless the result is \"falsy\", in which case it returns <code>False</code>.\n In Python an object is <em>falsy</em> (evaluates as <code>False</code>) if it is: empty (like <code>[]</code>, <code>()</code>, <code>{}</code>), <code>0</code>, <code>None</code> or if it is <code>False</code>.\n </p>\n</div>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>@property\ndef is_overdue(self):\n \"\"\"Determines if the book is overdue based on due date and current date.\"\"\"\n return bool(self.due_back and date.today() &gt; self.due_back)\n</code></pre></div>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> We first verify whether <code>due_back</code> is empty before making a comparison. An empty <code>due_back</code> field would cause Django to throw an error instead of showing the page: empty values are not comparable. 
This is not something we would want our users to experience!</p>\n</div>\n<p>Now that we've updated our models, we'll need to make fresh migrations on the project and then apply those migrations:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">bash</span></div><pre class=\"brush: bash notranslate\"><code>python3 manage.py makemigrations\npython3 manage.py migrate\n</code></pre></div>"}},{"type":"prose","value":{"id":"admin","title":"Admin","isH3":true,"content":"<p>\n Now open <strong>catalog/admin.py</strong>, and add the <code>borrower</code> field to the <code>BookInstanceAdmin</code> class in both the <code>list_display</code> and the <code>fieldsets</code> as shown below.\n This will make the field visible in the Admin section, allowing us to assign a <code>User</code> to a <code>BookInstance</code> when needed.\n</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>@admin.register(BookInstance)\nclass BookInstanceAdmin(admin.ModelAdmin):\n list_display = ('book', 'status', 'borrower', 'due_back', 'id')\n list_filter = ('status', 'due_back')\n\n fieldsets = (\n (None, {\n 'fields': ('book', 'imprint', 'id')\n }),\n ('Availability', {\n 'fields': ('status', 'due_back', 'borrower')\n }),\n )\n</code></pre></div>"}},{"type":"prose","value":{"id":"loan_a_few_books","title":"Loan a few books","isH3":true,"content":"<p>Now that it's possible to loan books to a specific user, go and loan out a number of <code>BookInstance</code> records. 
Set their <code>borrower</code> field to your test user, make the <code>status</code> \"On loan\", and set due dates both in the future and the past.</p>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> We won't spell the process out, as you already know how to use the Admin site!</p>\n</div>"}},{"type":"prose","value":{"id":"on_loan_view","title":"On loan view","isH3":true,"content":"<p>Now we'll add a view for getting the list of all books that have been loaned to the current user. We'll use the same generic class-based list view we're familiar with, but this time we'll also import and derive from <code>LoginRequiredMixin</code>, so that only a logged-in user can call this view. We will also choose to declare a <code>template_name</code>, rather than using the default, because we may end up having a few different lists of BookInstance records, with different views and templates.</p>\n<p>Add the following to <strong>catalog/views.py</strong>:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from django.contrib.auth.mixins import LoginRequiredMixin\n\nclass LoanedBooksByUserListView(LoginRequiredMixin, generic.ListView):\n \"\"\"Generic class-based view listing books on loan to current user.\"\"\"\n model = BookInstance\n template_name = 'catalog/bookinstance_list_borrowed_user.html'\n paginate_by = 10\n\n def get_queryset(self):\n return (\n BookInstance.objects.filter(borrower=self.request.user)\n .filter(status__exact='o')\n .order_by('due_back')\n )\n</code></pre></div>\n<p>In order to restrict our query to just the <code>BookInstance</code> objects for the current user, we re-implement <code>get_queryset()</code> as shown above. 
Note that \"o\" is the stored code for \"on loan\" and we order by the <code>due_back</code> date so that the oldest items are displayed first.</p>"}},{"type":"prose","value":{"id":"url_conf_for_on_loan_books","title":"URL conf for on loan books","isH3":true,"content":"<p>Now open <strong>/catalog/urls.py</strong> and add a <code>path()</code> pointing to the above view (you can just copy the text below to the end of the file).</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>urlpatterns += [\n path('mybooks/', views.LoanedBooksByUserListView.as_view(), name='my-borrowed'),\n]\n</code></pre></div>"}},{"type":"prose","value":{"id":"template_for_on-loan_books","title":"Template for on-loan books","isH3":true,"content":"<p>Now, all we need to do for this page is add a template. First, create the template file <strong>/catalog/templates/catalog/bookinstance_list_borrowed_user.html</strong> and give it the following contents:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code>{% extends \"base_generic.html\" %}\n\n{% block content %}\n &lt;h1&gt;Borrowed books&lt;/h1&gt;\n\n {% if bookinstance_list %}\n &lt;ul&gt;\n\n {% for bookinst in bookinstance_list %}\n &lt;li class=\"{% if bookinst.is_overdue %}text-danger{% endif %}\"&gt;\n &lt;a href=\"{% url 'book-detail' bookinst.book.pk %}\"&gt;{{ bookinst.book.title }}&lt;/a&gt; ({{ bookinst.due_back }})\n &lt;/li&gt;\n {% endfor %}\n &lt;/ul&gt;\n\n {% else %}\n &lt;p&gt;There are no books borrowed.&lt;/p&gt;\n {% endif %}\n{% endblock %}\n</code></pre></div>\n<p>\n This template is very similar to those we've created previously for the <code>Book</code> and <code>Author</code> objects.\n The only \"new\" thing here is that we check the property we added in the model (<code>bookinst.is_overdue</code>) and use 
it to change the color of overdue items.\n</p>\n<p>When the development server is running, you should now be able to view the list for a logged in user in your browser at <code>http://127.0.0.1:8000/catalog/mybooks/</code>. Try this out with your user logged in and logged out (in the second case, you should be redirected to the login page).</p>"}},{"type":"prose","value":{"id":"add_the_list_to_the_sidebar","title":"Add the list to the sidebar","isH3":true,"content":"<p>The very last step is to add a link for this new page into the sidebar. We'll put this in the same section where we display other information for the logged in user.</p>\n<p>Open the base template (<strong>/django-locallibrary-tutorial/catalog/templates/base_generic.html</strong>) and add the \"My Borrowed\" line to the sidebar in the position shown below.</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code> &lt;ul class=\"sidebar-nav\"&gt;\n {% if user.is_authenticated %}\n &lt;li&gt;User: {{ user.get_username }}&lt;/li&gt;\n\n &lt;li&gt;&lt;a href=\"{% url 'my-borrowed' %}\"&gt;My Borrowed&lt;/a&gt;&lt;/li&gt;\n\n &lt;li&gt;\n &lt;form id=\"logout-form\" method=\"post\" action=\"{% url 'admin:logout' %}\"&gt;\n {% csrf_token %}\n &lt;button type=\"submit\" class=\"btn btn-link\"&gt;Logout&lt;/button&gt;\n &lt;/form&gt;\n &lt;/li&gt;\n {% else %}\n &lt;li&gt;&lt;a href=\"{% url 'login' %}?next={{ request.path }}\"&gt;Login&lt;/a&gt;&lt;/li&gt;\n {% endif %}\n &lt;/ul&gt;\n</code></pre></div>"}},{"type":"prose","value":{"id":"what_does_it_look_like","title":"What does it look like?","isH3":true,"content":"<p>When any user is logged in, they'll see the <em>My Borrowed</em> link in the sidebar, and the list of books displayed as below (the first book has no due date, which is a bug we hope to fix in a later tutorial!).</p>\n<p>\n <img 
src=\"/en-US/docs/Learn/Server-side/Django/Authentication/library_borrowed_by_user.png\" alt=\"Library - borrowed books by user\" width=\"530\" height=\"215\" loading=\"lazy\">\n</p>"}},{"type":"prose","value":{"id":"permissions","title":"Permissions","isH3":false,"content":"<p>Permissions are associated with models and define the operations that can be performed on a model instance by a user who has the permission. By default, Django automatically gives <em>add</em>, <em>change</em>, and <em>delete</em> permissions to all models, which allow users with the permissions to perform the associated actions via the admin site. You can define your own permissions to models and grant them to specific users. You can also change the permissions associated with different instances of the same model.</p>\n<p>Testing on permissions in views and templates is then very similar to testing on the authentication status (and in fact, testing for a permission also tests for authentication).</p>"}},{"type":"prose","value":{"id":"models_2","title":"Models","isH3":true,"content":"<p>\n Defining permissions is done on the model <code>class Meta</code> section, using the <code>permissions</code> field.\n You can specify as many permissions as you need in a tuple, each permission itself being defined in a nested tuple containing the permission name and permission display value.\n For example, we might define a permission to allow a user to mark that a book has been returned as shown:\n</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>class BookInstance(models.Model):\n # …\n class Meta:\n # …\n permissions = ((\"can_mark_returned\", \"Set book as returned\"),)\n</code></pre></div>\n<p>We could then assign the permission to a \"Librarian\" group in the Admin site.</p>\n<p>Open the <strong>catalog/models.py</strong>, and add the permission as shown above. 
You will need to re-run your migrations (call <code>python3 manage.py makemigrations</code> and <code>python3 manage.py migrate</code>) to update the database appropriately.</p>"}},{"type":"prose","value":{"id":"templates","title":"Templates","isH3":true,"content":"<p>The current user's permissions are stored in a template variable called <code>{{ perms }}</code>. You can check whether the current user has a particular permission using the specific variable name within the associated Django \"app\" — e.g. <code>{{ perms.catalog.can_mark_returned }}</code> will be <code>True</code> if the user has this permission, and <code>False</code> otherwise. We typically test for the permission using the template <code>{% if %}</code> tag as shown:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">django</span></div><pre class=\"brush: django notranslate\"><code>{% if perms.catalog.can_mark_returned %}\n &lt;!-- We can mark a BookInstance as returned. --&gt;\n &lt;!-- Perhaps add code to link to a \"book return\" view here. --&gt;\n{% endif %}\n</code></pre></div>"}},{"type":"prose","value":{"id":"views","title":"Views","isH3":true,"content":"<p>Permissions can be tested in a function view using the <code>permission_required</code> decorator or in a class-based view using the <code>PermissionRequiredMixin</code>. 
The patterns are the same as for login authentication, though of course, you might reasonably have to add multiple permissions.</p>\n<p>Function view decorator:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from django.contrib.auth.decorators import permission_required\n\n@permission_required('catalog.can_mark_returned')\n@permission_required('catalog.can_edit')\ndef my_view(request):\n # …\n</code></pre></div>\n<p>A permission-required mixin for class-based views.</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from django.contrib.auth.mixins import PermissionRequiredMixin\n\nclass MyView(PermissionRequiredMixin, View):\n permission_required = 'catalog.can_mark_returned'\n # Or multiple permissions\n permission_required = ('catalog.can_mark_returned', 'catalog.change_book')\n # Note that the 'catalog.change_book' permission\n # is created automatically for the book model, along with add_book and delete_book\n</code></pre></div>\n<div class=\"notecard note\">\n <p><strong>Note:</strong> There is a small default difference in the behavior above. By <strong>default</strong> for a logged-in user with a permission violation:</p>\n <ul>\n <li><code>@permission_required</code> redirects to login screen (HTTP Status 302).</li>\n <li><code>PermissionRequiredMixin</code> returns 403 (HTTP Status Forbidden).</li>\n </ul>\n <p>Normally you will want the <code>PermissionRequiredMixin</code> behavior: return 403 if a user is logged in but does not have the correct permission. 
To do this for a function view use <code>@login_required</code> and <code>@permission_required</code> with <code>raise_exception=True</code> as shown:</p>\n <div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">python</span></div><pre class=\"brush: python notranslate\"><code>from django.contrib.auth.decorators import login_required, permission_required\n\n@login_required\n@permission_required('catalog.can_mark_returned', raise_exception=True)\ndef my_view(request):\n # …\n</code></pre></div>\n</div>"}},{"type":"prose","value":{"id":"example","title":"Example","isH3":true,"content":"<p>We won't update the <em>LocalLibrary</em> here; perhaps in the next tutorial!</p>"}},{"type":"prose","value":{"id":"challenge_yourself","title":"Challenge yourself","isH3":false,"content":"<p>\n Earlier in this article, we showed you how to create a page for the current user, listing the books that they have borrowed.\n The challenge now is to create a similar page that is only visible for librarians, that displays <em>all</em> books that have been borrowed, and which includes the name of each borrower.\n</p>\n<p>You should be able to follow the same pattern as for the other view. The main difference is that you'll need to restrict the view to only librarians. You could do this based on whether the user is a staff member (function decorator: <code>staff_member_required</code>, template variable: <code>user.is_staff</code>) but we recommend that you instead use the <code>can_mark_returned</code> permission and <code>PermissionRequiredMixin</code>, as described in the previous section.</p>\n<div class=\"notecard warning\">\n <p><strong>Warning:</strong> Remember not to use your superuser for permissions based testing (permission checks always return true for superusers, even if a permission has not yet been defined!). 
Instead, create a librarian user, and add the required capability.</p>\n</div>\n<p>When you are finished, your page should look something like the screenshot below.</p>\n<p>\n <img src=\"/en-US/docs/Learn/Server-side/Django/Authentication/library_borrowed_all.png\" alt=\"All borrowed books, restricted to librarian\" width=\"500\" height=\"283\" loading=\"lazy\">\n</p>"}},{"type":"prose","value":{"id":"summary","title":"Summary","isH3":false,"content":"<p>Excellent work — you've now created a website where library members can log in and view their own content, and where librarians (with the correct permission) can view all loaned books and their borrowers. At the moment we're still just viewing content, but the same principles and techniques are used when you want to start modifying and adding data.</p>\n<p>In our next article, we'll look at how you can use Django forms to collect user input, and then start modifying some of our stored data.</p>"}},{"type":"prose","value":{"id":"see_also","title":"See also","isH3":false,"content":"<ul>\n <li><a href=\"https://docs.djangoproject.com/en/5.0/topics/auth/\" class=\"external\" target=\"_blank\">User authentication in Django</a> (Django docs)</li>\n <li><a href=\"https://docs.djangoproject.com/en/5.0/topics/auth/default/\" class=\"external\" target=\"_blank\">Using the (default) Django authentication system</a> (Django docs)</li>\n <li><a href=\"https://docs.djangoproject.com/en/5.0/topics/class-based-views/intro/#decorating-class-based-views\" class=\"external\" target=\"_blank\">Introduction to class-based views &gt; Decorating class-based views</a> (Django docs)</li>\n</ul><ul class=\"prev-next\">\n <li><a class=\"button secondary\" href=\"/en-US/docs/Learn/Server-side/Django/Sessions\"><span class=\"button-wrap\"> Previous </span></a></li>\n <li><a class=\"button secondary\" href=\"/en-US/docs/Learn/Server-side/Django\"><span class=\"button-wrap\"> Overview: Django Web Framework (Python)</span></a></li>\n <li><a 
class=\"button secondary\" href=\"/en-US/docs/Learn/Server-side/Django/Forms\"><span class=\"button-wrap\"> Next </span></a></li>\n</ul>"}}],"toc":[{"text":"Overview","id":"overview"},{"text":"Enabling authentication","id":"enabling_authentication"},{"text":"Creating users and groups","id":"creating_users_and_groups"},{"text":"Setting up your authentication views","id":"setting_up_your_authentication_views"},{"text":"Testing against authenticated users","id":"testing_against_authenticated_users"},{"text":"Example — listing the current user's books","id":"example_—_listing_the_current_users_books"},{"text":"Permissions","id":"permissions"},{"text":"Challenge yourself","id":"challenge_yourself"},{"text":"Summary","id":"summary"},{"text":"See also","id":"see_also"}],"summary":"Excellent work — you've now created a website where library members can log in and view their own content, and where librarians (with the correct permission) can view all loaned books and their borrowers. At the moment we're still just viewing content, but the same principles and techniques are used when you want to start modifying and adding data.","popularity":0.0254,"modified":"2024-11-21T23:54:26.000Z","other_translations":[{"locale":"de","title":"Django-Tutorial Teil 8: Benutzer-Authentifizierung und Berechtigungen","native":"Deutsch"},{"locale":"es","title":"Tutorial de Django Parte 8: Autenticación y permisos de Usuario","native":"Español"},{"locale":"pt-BR","title":"Tutorial Django Parte 8: Autenticação de usuário e permissões","native":"Português (do Brasil)"},{"locale":"ru","title":"Руководство Django Часть 8: Аутентификация и авторизация пользователя","native":"Русский"},{"locale":"zh-CN","title":"Django 教程 8:用户授权与许可","native":"中文 (简体)"},{"locale":"zh-TW","title":"Django Tutorial Part 8: User authentication and permissions","native":"正體中文 
(繁體)"}],"pageType":"learn-module-chapter","source":{"folder":"en-us/learn/server-side/django/authentication","github_url":"https://github.com/mdn/content/blob/main/files/en-us/learn/server-side/django/authentication/index.md","last_commit_url":"https://github.com/mdn/content/commit/619d9d3e00c0170b041f504103546d7d68a3791a","filename":"index.md"},"short_title":"Django Tutorial Part 8: User authentication and permissions","parents":[{"uri":"/en-US/docs/Learn","title":"Guides"},{"uri":"/en-US/docs/Learn/Server-side","title":"Server-side website programming"},{"uri":"/en-US/docs/Learn/Server-side/Django","title":"Django Web Framework (Python)"},{"uri":"/en-US/docs/Learn/Server-side/Django/Authentication","title":"Django Tutorial Part 8: User authentication and permissions"}],"pageTitle":"Django Tutorial Part 8: User authentication and permissions - Learn web development | MDN","noIndexing":false}}</script></body></html>
