On 6/20/25 06:39, Christian Schneider wrote:
Dear Mark and companions,
somehow I can not cope with the user management... (I am running a venv-installation, latest stable versions)
I read this manual: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/rest/docs/u... and played with the RestAPI calls...
I know about the fine grained differences between user and member, admin/owner, superuser... and about the two user databases in PostgreSQL and Django-Framework.
I'm not sure what distinction you are making between PostgreSQL and
Django-Framework. There are two separate and distinct users, Django
users and Mailman core users. Information about both is in the
PostgreSQL database. Django users are in the auth_user table and
Mailman core users are in the user table, both in the public schema,
although if you split the data into a mailman database and a
mailmanweb database the auth_user table is in mailmanweb and the
user table is in mailman.
What I stumble upon is the RestAPI calls to create a "working" user (with the ability to login via WebUI). When I follow the manual (from the url above) I create a user (including password) that appears in the PostgreSQL database. (And this user is visible on the User-URL (https://example.com/mailman3/users)) Even when I (via WebUI) set the user as "approved" this user is not able to log in... I assume this restriction is in accordance to the fact that there is not equivalent Django user. (There was a mail in the archive of the MM3 user group...stating that one has to use the Django RestAPI to create the appropriate user)
The above is correct. The Mailman REST API only deals with Mailman core. Mailman core knows nothing about Django.
When I create the user using the WebUI (https://example.com/accounts/signup/?next=/mailman3/lists/) the new user is created in the right (complete) way...appearing in the PostgreSQL database and as a user in Django. How is this sync between the two databases realized?
I'm still looking into that, but it isn't the creation of the Django user per se that creates the Mailman user. The process has multiple steps.
Sign-up for an account. This creates the Django user and sends an address confirmation email.
Click the link in the confirmation email. This takes you to a page with a
Confirmbutton to confirm the email address.Click the confirm button.
It is not until step 3) that the Mailman user and address records are created.
(The Django user also has the correct status (no staff status / no superuser status / just active status) how is this realized?)
Presumably by the sign-up process not setting staff status and superuser status.
As I am not very familiar with python programming (I know Perl/Java/C++ and have an (maybe outdated) concept of OOP), is there a quick way to implement this kind of sync by copying the register logic from mailman's python action script for registering?
I think it must be django-mailman3 that's doing this, but I haven't been able to see how so far. django-mailman3 does override the template for the /accounts/confirm-email page, but this is only to include styling.
Other questions: Will there be a create_admin_user-script that is callable via CLI (like createsuperuser or create_list)? (This script ought create a user in PostgreSQL and as Django user)
No plans. There are mailman addmembers and mailman admins commands
to add members or admins to a list. Adding an owner or moderator to a
list via mailman admins will also create a Mailman user for that
person if there isn't one already, but it won't create a Django user.
How will a social account provider (like oidc) linkage (in Django) fit in this concept? Will oidc-accounts be copied to the Django's user database (or PostgreSQL db) or is it an on-the-fly check against the oidc-provider? (I assume second option) What are the status-flags (staff status/superuser status/active status) of the linked oidc-accounts? (Can I specify the status flags?)
I don't offhand know the answers to that, but I think logging in via a social account provider creates a Django user..
A conceptual thought: When "user1" (with email user1@example.com) is known to django via oidc linkage and I create "user1" (also with email user1@example.com) via RestAPI calls (following the url https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/rest/docs/u...) do I have a "complete" user then? I mean a user who is able to login and who can be assigned to a list as admin (e.g.) (In this case I would not have to care about the Django user database... ;-))
If the user can log in to the web UI with an associated email address, if that address is an admin of a list, the logged in user can admin the list.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan