Use AbstractUser, @login_required, @permission_required, and group-based access control.
Django Authentication
# settings.py
# Swap Django's stock user for the project's own class. Decide this before the
# first migration: changing it once tables exist is considerably harder.
AUTH_USER_MODEL = "accounts.User"  # "<app_label>.<ModelName>" of the custom user model
# Where @login_required sends anonymous requests.
# NOTE(review): the built-in auth URLs mounted under "accounts/" further down
# serve login at /accounts/login/, not /auth/login/ -- confirm that a login
# view is actually routed at this path.
LOGIN_URL = "/auth/login/"
# Destination after a successful login when the request carries no "next" parameter.
LOGIN_REDIRECT_URL = "/dashboard/"
# Custom User model
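class User(AbstractUser):
    """Project user model: Django's stock account fields plus profile data.

    Presumably the class that AUTH_USER_MODEL ("accounts.User") points at.
    Other code should reach it through get_user_model() or
    settings.AUTH_USER_MODEL rather than importing it directly.
    """

    # Free-text profile blurb. It is user-supplied, so render it through
    # template auto-escaping and do not mark it safe.
    bio = models.TextField(blank=True)
    # Optional profile picture, stored under MEDIA_ROOT/avatars/. ImageField
    # checks that the upload decodes as an image (needs Pillow); upload size
    # limits and how media files are served have to be handled separately.
    avatar = models.ImageField(upload_to="avatars/", blank=True)
    # Directed follow graph: user.followers are the accounts following this
    # user, user.following the accounts this user follows. blank=True lets a
    # user with no followers pass ModelForm/admin validation; without it the
    # relation is a required form field.
    followers = models.ManyToManyField(
        "self",
        symmetrical=False,
        related_name="following",
        blank=True,
    )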
# Views
from django.contrib.auth import login, authenticate, logout
from django.contrib.auth.decorators import login_required, permission_required
@login_required
def dashboard(request):
    """Render the dashboard page for a signed-in user.

    login_required redirects anonymous requests to settings.LOGIN_URL,
    passing the requested path in the ``next`` query parameter, instead of
    running this body.
    """
    template_name = "dashboard.html"
    return render(request, template_name)
@permission_required("blog.add_post", raise_exception=True)
def create_post(request):
    """Placeholder view gated on the ``blog.add_post`` permission.

    With raise_exception=True a caller lacking the permission gets
    PermissionDenied (HTTP 403) rather than a redirect to the login page.
    That includes anonymous visitors; stack @login_required above this
    decorator if they should be sent to log in first.
    """
    # Body elided on the page. As written the view returns None, which Django
    # rejects at request time; a real view must return an HttpResponse.
    return None
# Built-in auth URLs: add this entry to urlpatterns in urls.py.
path("accounts/", include("django.contrib.auth.urls"))
# Provides the named routes login, logout, password_change,
# password_change_done, password_reset, password_reset_done,
# password_reset_confirm and password_reset_complete, all under /accounts/.
# Django ships no login template; the views look theirs up under
# registration/. From Django 5.0 the logout view accepts POST only, so log
# out with a CSRF-protected form rather than a plain link.