Opened 4 years ago
Closed 4 years ago
#32097 closed Bug (invalid)
Staff users cannot acess admin site
| Reported by: | Jaff Cunha | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.admin | Version: | 3.1 |
| Severity: | Normal | Keywords: | Staff, Admin Site, 403, PermissionDenied |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I'm using Django 3.1.2 and staff users added by superuser in the admin site can't access the same admin site after login. All pages in /admin/ return 403 forbidden error.
I'm using Windows 10, Python 3.8.5, inside a virtual environment (venv). My commands were made in Git Bash. It first happened in other project, so i created a new one to try. It's the same error in Firefox, Edge and Chrome.
Exactly what i did:
Git Bash:
$ mkdir test_staff $ cd test_staff/ $ python -m venv venv_dev $ source venv_dev/Scripts/activate $ pip install Django==3.1.2 $ pip list Package Version ---------- ------- asgiref 3.2.10 Django 3.1.2 pip 20.1.1 pytz 2020.1 setuptools 47.1.0 sqlparse 0.4.1 $ django-admin startproject mysite $ cd mysite/ $ python manage.py migrate $ winpty python manage.py createsuperuser username: admin password: 12345 $ python manage.py runserver
Browser:
Login with "admin" user: http://localhost:8000/admin/login
Add staff user: http://localhost:8000/admin/auth/user/add/
- username: staff_user
- password: Ax47y](U[1fpw;8H2?})
- Save and continue editing
- staff status = True
- Save
Logout: http://localhost:8000/admin/logout/
Login with "staff_user": http://localhost:8000/admin/login
Result:
Git Bash:
[09/Oct/2020 12:49:39] "GET /admin/ HTTP/1.1" 200 2282
Other URL:
Git Bash:
Forbidden (Permission denied): /admin/auth/user/
Traceback (most recent call last):
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\core\handlers\exception.py", line 47, in inner
response = get_response(request)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\core\handlers\base.py", line 179, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\contrib\admin\options.py", line 614, in wrapper
return self.admin_site.admin_view(view)(*args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\utils\decorators.py", line 130, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\views\decorators\cache.py", line 44, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\contrib\admin\sites.py", line 233, in inner
return view(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\utils\decorators.py", line 43, in _wrapper
return bound_method(*args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\utils\decorators.py", line 130, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\contrib\admin\options.py", line 1690, in changelist_view
raise PermissionDenied
django.core.exceptions.PermissionDenied
[09/Oct/2020 12:53:50] "GET /admin/auth/user/ HTTP/1.1" 403 135
Note:
See TracTickets
for help on using tickets.
Please don't use Trac as a support channel. Staff users don't have permissions without explicitly assigning them.
Closing per TicketClosingReasons/UseSupportChannels