How to Make Users Automatically Follow Admin User on Sign Up

How to make Users automatically Follow Admin User on Sign Up

In user.rb add a after_create filter

after_create :follow_admin!

def follow_admin!
  relationships.create!(followed_id: admin_user.id)
end

How to automatically create user profile for new users that register to the platform in Django

If you setup your signal properly it should suffice your requirement.

The proper setup of signal is you have to update the apps.py

e.g:

apps.py

class MyAppConfig(AppConfig):
  name='myapp'

  def ready(self):
     # import your signal file in here if the app is ready
     from . import receivers

finally update the app init.py, by importing your apps.py:

e.g.

default_app_config='myapp.apps.MyAppConfig'

Automatically Subscribe all users to Super Admin Google Account

You can add calendars to your super admin account from other users by using the method CalendarList: insert as this will add a specified calendar to your calendar list.

To get the calendar id required to insert this calendar into your calendar list you could use CalendarList: list and impersonating each user on your organization to then iterate over this list of calendars to get the id. I recommend doing this process using a service account.

1. Create a service account.
2. Iterate over each user on your organization.
3. On each user make a CalendarList: list call and iterate over each calendar of this list.
4. For each calendar use CalendarList: insert to insert this calendar in the super admin (or any other user) account.

How do I make signup page avilable only for logged in staff users in Django allauth?

I found some solution or "workaround" to this. I don't know how good or bad it is, but at least it works as expected.

First: Set this to False on settings.py so that users aren't automatically redirected depending on they're logged in or not. This will make the signup and login form available to all users whether they're logged in or not.

ACCOUNT_AUTHENTICATED_LOGIN_REDIRECTS = False

Second: Alter the form_valid function on a custom SignUpview a little so that even if users post registration in the page, it won't be allowed.

You just add these two lines so that the function raises error if the user is not staff.

if not self.request.user.is_staff: # ADDED LINE 1: Check if User is staff
    raise Exception("Error: user is not staff") # ADDED LINE 2: Raise Exception

This is how the CustomSignupView looks:

from allauth.account.views import SignupView

from django.utils.decorators import method_decorator
from django.views.decorators.debug import sensitive_post_parameters

from allauth.exceptions import ImmediateHttpResponse

from allauth.account import app_settings

from allauth.account.utils import (
    complete_signup
)

INTERNAL_RESET_SESSION_KEY = "_password_reset_key"

sensitive_post_parameters_m = method_decorator(
    sensitive_post_parameters("oldpassword", "password", "password1", "password2")
)

class AccountSignupView(SignupView):

    def form_valid(self, form):
        # By assigning the User to a property on the view, we allow subclasses
        # of SignupView to access the newly created User instance
        if not self.request.user.is_staff: # ADDED LINE 1: Check if User is staff
            raise Exception("Error: user is not staff") # ADDED LINE 2: Raise Exception
        self.user = form.save(self.request)
        try:
            return complete_signup(
                self.request,
                self.user,
                app_settings.EMAIL_VERIFICATION,
                self.get_success_url(),
            )
        except ImmediateHttpResponse as e:
            return e.response

account_signup_view = AccountSignupView.as_view()

And you probably know you have to put this path on urls.py too before the path to include(allauth.urls). I had allauth on project level, so urls are on project urls.py.

path("accounts/signup/", view=views.account_signup_view)

**Third: **Put a simple logic in template like {% if user.is_staff %} to determine who can show the form or not. Other users visiting signup page won't be redirected off automatically, but they'll see another page rendered. Here's an example:

{% extends "base.html" %}
{% load i18n %}
{% block head_title %}{% trans "Signup" %}{% endblock %}
{% block content %}
<br>THIS IS A CUSTOM TEMPLATE</br>
{% if user.is_authenticated and user.is_staff %}
<h1>{% trans "Sign Up" %}</h1>
<p>{% blocktrans %}Already have an account? Then please <a href="{{ login_url }}">sign in</a>.{% endblocktrans %}</p>
<form class="signup" id="signup_form" method="post" action="{% url 'account_signup' %}">
  {% csrf_token %}
  {{ form.as_p }}
  {% if redirect_field_value %}
  <input type="hidden" name="{{ redirect_field_name }}" value="{{ redirect_field_value }}" />
  {% endif %}
  <button type="submit">{% trans "Sign Up" %} »</button>
</form>
{% else %}
Only admins are allowed to register new users
{% endif %}
{% endblock %}

I don't know how secure or good this solution is, but at least it prevents the all users to use signup form and only allows staff users. If you CTRL + click on a class or function, or visit its GitHub page, you can find its source code, study how it works and copy paste and alter it.

Allow admin user to login as other users

It seems you want to impersonate a user. This means that you want to have Meteor.userId (or this.userId depending on context) reflect the _id of a specific user both on the client and the server.

afaict the only way to do this is to login as the user. Presumably you don't want to ask the user for their password so you have a couple of choices:

1. Save their existing password, replace it (temporarily) with a password of your choosing, then after you're done impersonating their account, restore their existing password.

You probably don't want to ask the user for their password and you don't need to. All you need to do is set aside Meteor.user.findOne(userId).services.password.bcrypt, then reset the password to your temporary value, then restore the original bcrypt value later.

The downside is that the original user would not be able to login while you are logged-in. Plus it's really hacky.

2. Extend Meteor's Accounts package to provide impersonation capability in a more elegant manner.

3. You might also look at validateLoginAttempt. The docs are unclear as to whether a failed login attempt could be overridden with a successful one but if it could then that would provide another pathway to solve your problem.

Creating a Follow User mechanism

It looks to me as though you are adding a follow record for every user other than B that A is following. I think you might be able to fix this by restricting to B as well as A in your initial query i.e.

$query="SELECT follow_user from follow where my_email= '".$_SESSION['email']."' and follow_user = '".$temp"'";

You can then remove the while loop:

if(mysql_num_rows($data) > 0)
{
    header('Location:acq.php?success=1');
    $_SESSION['message'] = 'Already Following.';

}
else
{
    mysql_connect('localhost','root','');
    mysql_select_db('reviewed');
    $query="INSERT INTO follow (my_email, follow_user) VALUES('".$_SESSION['email']."','".$temp."')";
    $data=mysql_query($query);
    if (!$data) { // add this check.
        die('Invalid query: ' . mysql_error()) ;
    }           
    echo "Success"; 
}

How to avoid being signed in automatically when a new user is created using firebase

There is no direct way provided for web development to create user without signin. Instead there is method to create user without sign-in in Admin-SDK which will solve your problem.

To access this function you have to use node.js in firebase function.

---

Related Topics