django removes "is_staff" permission if I try to login
I have a pretty strange situation within my django project. I have a LoginForm where a user can log into the website. I am using django 3.2.12 with some other libraries like django-crispy-forms and so on.
I implemented django-crowd-auth so that users can access the page with crowd. I made the necessary configurations in settings.py and the app is running without any issues.
Afterwards I gave my existing user is_staff and is_superuser permissions to access the django administration.
I did it like this:
```
python manage.py shell
>>> from django.contrib.auth.models import User
>>> user = User.objects.get(username="<myuser>")
>>> user.is_staff = True
>>> user.is_superuser = True
>>> print(user.is_staff)
True
>>> print(user.is_superuser)
True
>>> user.save()
```
After that I restart my django app the following way:
```
sudo <path_to_conda_env_python>/python manage.py runsslserver --certificate <crt-file> --key <pem-file> 0.0.0.0:88
```
If I try to log into the django administration panel with the user which I just gave the permissions I get the error
"Please enter the correct username and password for a staff account. Note that both fields may be case-sensitive"
Returning to the django shell gives me this output
```
python manage.py shell
>>> from django.contrib.auth.models import User
>>> user = User.objects.get(username="<myuser>")
>>> print(user.is_staff)
False
>>> print(user.is_superuser)
False
```
It seems that django resets my permission every time I try to log in. But why?
What I already tried:
- Creating a fresh user and giving the user the is_staff and is_superuser permissions
- Running python manage.py shell with sudo
The documentation for django crowd auth says that the variable CROWD_USERS_ARE_STAFF is set to false by default. This is okay because newly created users should not have the permission to access the admin page. But this can't cause the problem, right?
Has anybody worked with the crowd authentication and has some ideas?
Edit
typo changed save() to user.save()
Solution 1:[1]
I found a temporary solution for my problem. I changed the logic in the try block within the user.py script.
Changing resource scripts may not be the best way, but for testing purposes this is fine.

```python
# Modified from_data() from the package's user.py. It relies on that module's
# existing imports (settings, Group, get_user_model, ObjectDoesNotExist) and
# its LOGGER.
def from_data(client, data):
    """Get a Django user from a Crowd user data.
    """
    username = data['name']
    is_active = getattr(settings, 'CROWD_USERS_ARE_ACTIVE', True)
    superusers_group = getattr(settings, 'CROWD_SUPERUSERS_GROUP', None)
    is_superuser = False
    groups = []

    # Mirror the user's Crowd groups as Django groups.
    for group_name in client.get_nested_groups(username):
        if superusers_group and group_name == superusers_group:
            is_superuser = True
        try:
            group = Group.objects.get(name=group_name)
        except ObjectDoesNotExist:
            group = Group.objects.create(name=group_name)
            LOGGER.info('Group %s created', group_name)
        groups.append(group)

    is_staff = getattr(settings, 'CROWD_USERS_ARE_STAFF', is_superuser)

    try:
        user = get_user_model().objects.get(username=username)
        # Changed logic: force the flags for one specific account only.
        if username == "<your_username>":
            user.is_staff = True
            user.is_superuser = True
            user.save()
    except ObjectDoesNotExist:
        # First login: create the local user with the derived flags.
        user = get_user_model().objects.create(
            username=username,
            first_name=data.get('first-name'),
            last_name=data.get('last-name'),
            email=data.get('email'),
            is_active=is_active,
            is_staff=is_staff,
            is_superuser=is_superuser)
        group = Group.objects.get(name='LinMaps_Light')
        user.groups.add(group)
        LOGGER.info('User %s created', username)
    return user
```
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | adama |
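
The flag derivation visible in the answer's from_data(), modelled without Django as an added example (not code from the post or from django-crowd-auth). It assumes the backend writes the derived flags back to an existing user at every login, which matches the reset described in the question; the group name django-admins and the sample users are constructed.

```python
from dataclasses import dataclass

@dataclass
class LocalUser:
    """Constructed stand-in for a row in Django's user table."""
    username: str
    is_staff: bool = False
    is_superuser: bool = False

def derive_flags(nested_groups, settings):
    """Same derivation as the answer's from_data(): superuser comes from
    CROWD_SUPERUSERS_GROUP, staff from CROWD_USERS_ARE_STAFF (falling back
    to the superuser result when the setting is absent)."""
    superusers_group = settings.get("CROWD_SUPERUSERS_GROUP")
    is_superuser = bool(superusers_group) and superusers_group in nested_groups
    is_staff = settings.get("CROWD_USERS_ARE_STAFF", is_superuser)
    return is_staff, is_superuser

def sync_on_login(user, nested_groups, settings):
    """ASSUMPTION: for an existing user the backend overwrites the stored
    flags with the derived ones at every login."""
    user.is_staff, user.is_superuser = derive_flags(nested_groups, settings)
    return user.is_staff, user.is_superuser

def run_cases():
    admins = {"CROWD_SUPERUSERS_GROUP": "django-admins"}  # hypothetical group name
    member, other = ["dev", "django-admins"], ["dev"]     # constructed Crowd groups
    hand_set = lambda: LocalUser("alice", is_staff=True, is_superuser=True)
    return {
        # Flags set by hand in the shell, nothing configured: wiped at login.
        "unconfigured": sync_on_login(hand_set(), member, {}),
        # Membership in the configured Crowd group grants both flags.
        "group_member": sync_on_login(LocalUser("alice"), member, admins),
        # Hand-set flags on a non-member are still wiped.
        "non_member": sync_on_login(hand_set(), other, admins),
        # Explicit False beats the fallback: superuser, but not staff,
        # so the admin login form still rejects the account.
        "staff_false": sync_on_login(LocalUser("alice"), member,
                                     {**admins, "CROWD_USERS_ARE_STAFF": False}),
        # True marks every Crowd user as staff, member of the group or not.
        "staff_true": sync_on_login(LocalUser("bob"), other,
                                    {**admins, "CROWD_USERS_ARE_STAFF": True}),
    }

if __name__ == "__main__":
    for case, (staff, superuser) in run_cases().items():
        print(f"{case:13} is_staff={staff} is_superuser={superuser}")
```

Under these assumptions, adding the account to the Crowd group named by CROWD_SUPERUSERS_GROUP gives the same admin access as the hard-coded username check, without editing the installed package.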
