#20646 closed Cleanup/optimization (fixed)
Clarify the use of AbstractBaseUser.REQUIRED_FIELDS
Reported by: | ChocolateCookies | Owned by: | Craig Bruce |
---|---|---|---|
Component: | Documentation | Version: | 1.5 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
In core/models.py:
class User( AbstractUser ): REQUIRED_FIELDS = [ 'first_name', 'last_name', 'email' ] USERNAME_FIELD = 'username'
In settings.py
AUTH_USER_MODEL = 'core.User'
When manage.py syncdb
is called, the Superuser creation wizard properly asks for first name, last name and email, in addition to username and password.
However, when creating a User in the admin interface, the fields first name, last name and email address can be left blank. Should this be the case, or is it a bug?
Change History (9)
comment:1 by , 11 years ago
Easy pickings: | set |
---|---|
Summary: | Overriding User::REQUIRED_FIELDS works for creating su, but not in admin site → Clarify the use of AbstractBaseUser.REQUIRED_FIELDS |
Triage Stage: | Unreviewed → Accepted |
Type: | Bug → Cleanup/optimization |
comment:2 by , 11 years ago
Hi Baptiste,
What do you think? When you define REQUIRED_FIELDS and are indeed required to supply them when using createsuperuser, will it not be a common case to require them as well when creating a user in another way?
If not, I find REQUIRED_FIELDS inappropriately named. Maybe we should rename it to SUPERUSER_REQUIRED_FIELDS?
What are your thoughts?
Wim
comment:3 by , 11 years ago
I completely disagree that renaming the setting is worthwhile. For one thing, the code is out in the wild, so there's a backwards incompatibility issue; secondly, changing the name is a bike shed - whatever the name is, *someone* is going to be confused by it.
If we were going to do anything about REQUIRED_FIELDS, it would be to remove it entirely; see #19901 and #19402. However, these tickets both indicate the difficulty involved.
comment:4 by , 11 years ago
Component: | contrib.auth → Documentation |
---|
comment:5 by , 11 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:6 by , 11 years ago
Has patch: | set |
---|
I have added a tip entry in the docs
https://github.com/craigbruce/django/commit/9187c2a55a797bd0ee1f2ccd7979a64ff282808b
comment:7 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Hi,
I think this is not a bug but rather a documentation issue.
Putting a field in
REQUIRED_FIELDS
only makes it so thatcreatesuperuser
prompts for a value. Empty values may still be accepted, depending on the value of the field'sblank
attribute.With your example, this means that you can still create a user with an empty first name when using
createsuperuser
.Also note that, as the documentation mentions [1],
REQUIRED_FIELDS
is only used for thecreatesuperuser
management command and has no effect on other parts of Django (like the admin).Thanks.
[1] https://docs.djangoproject.com/en/dev/topics/auth/customizing/#django.contrib.auth.models.CustomUser.REQUIRED_FIELDS