User Management

DataMed uses Django’s built-in authentication system to manage user accounts, sessions, and permissions. All healthcare staff need user accounts to access the system.

User Model

DataMed uses Django’s default User model with these core fields:
  • username: Unique identifier for login
  • email: User’s email address
  • first_name: User’s first name
  • last_name: User’s last name
  • is_staff: Can access Django admin interface
  • is_active: Account is enabled
  • is_superuser: Has all permissions
  • last_login: Timestamp of last successful login
  • date_joined: Account creation date

Creating Users

Via Django Admin

  1. Access Admin Interface: Navigate to /admin/ and log in with a superuser account.
  2. Navigate to Users: Click Authentication and Authorization → Users → Add User.
  3. Set Credentials: Enter username and password (password confirmation required).
  4. Configure Profile: Set first name, last name, email, and permissions.
  5. Save User: Click Save to create the account.

Via Management Command

Create a superuser account from the command line:
python manage.py createsuperuser
Interactive Prompts:
Username: admin
Email address: admin@example.com
Password: 
Password (again): 
Superuser created successfully.

Programmatically

Create users in Django shell or scripts:
from django.contrib.auth.models import User

# Create regular user
user = User.objects.create_user(
    username='drgarcia',
    email='garcia@example.com',
    password='secure_password',
    first_name='María',
    last_name='García'
)

# Create superuser
superuser = User.objects.create_superuser(
    username='admin',
    email='admin@example.com',
    password='admin_password'
)

Permission Levels

DataMed uses Django’s three-tier permission system:

Regular Users

  • Can log in to DataMed
  • Can access patient records and clinical forms
  • Cannot access Django admin interface
  • Settings: is_staff=False, is_superuser=False

Staff Users

  • All regular user permissions
  • Can access Django admin interface
  • Can view but not modify system configuration
  • Settings: is_staff=True, is_superuser=False

Superusers

  • All staff user permissions
  • Can create/modify users and permissions
  • Can access all admin features
  • Settings: is_staff=True, is_superuser=True

Authentication Flow

DataMed uses session-based authentication configured in config/settings.py:
config/settings.py
LOGIN_URL = 'login'
LOGIN_REDIRECT_URL = 'dashboard'
LOGOUT_REDIRECT_URL = 'login'

Login Process

  1. User Navigates to DataMed: Any protected URL redirects to /users/login/ if not authenticated.
  2. Enter Credentials: User submits username and password via login form.
  3. Session Created: Django validates credentials and creates a session cookie.
  4. Redirect to Dashboard: User is redirected to /dashboard/ after successful login.

Logout Process

Users can log out at any time, which destroys their session and redirects to the login page.

Protecting Views

All DataMed views are protected with the @login_required decorator:
apps/patients/views.py
from django.contrib.auth.decorators import login_required
from django.shortcuts import render

from .models import Patient  # assumes Patient is defined in apps/patients/models.py

@login_required
def patients_list(request):
    # Only authenticated users can access this view
    patients = Patient.objects.filter(ingresos__estado='ACTIVO')
    return render(request, 'patients/patients_list.html', {'patients': patients})

Tracking User Activity

DataMed tracks which user registered each clinical exam using ForeignKey relationships:
apps/exams/models.py
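from django.conf import settings
from django.db import models

class Monitoreo(models.Model):
    # User who registered the exam; set to NULL if that user is deleted
    registrado_por = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='monitoreos_registrados'
    )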
Audit Trail:
  • All clinical exams track registrado_por (registered by user)
  • All models have created_at timestamp
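  • Exam records are preserved even if the account is deleted (SET_NULL), but registrado_por on those records is then set to NULL; deactivate accounts instead of deleting them to keep the attribution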

Managing Existing Users

Updating User Information

  1. Navigate to /admin/auth/user/
  2. Click on the user you want to modify
  3. Update fields and click Save

Resetting Passwords

  1. Go to /admin/auth/user/
  2. Click on the user
  3. Click the "this form" link under the Password field
  4. Enter new password twice and save

Deactivating Users

Disable user accounts without deleting them:
from django.contrib.auth.models import User

user = User.objects.get(username='drgarcia')
user.is_active = False
user.save()
Deactivated users cannot log in but their historical data (exams registered, etc.) remains intact.

Security Best Practices

Django enforces password validation rules by default:
  • Minimum 8 characters
  • Cannot be entirely numeric
  • Cannot be too similar to username
  • Cannot be a commonly used password
Require users to change passwords periodically, especially for accounts with elevated privileges.
Review Django logs for repeated failed login attempts:
grep "Invalid password" /var/log/datamed/django.log
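The grep above lists failures one at a time. The added example below (not DataMed code) groups them per username and per source address in a sliding window, which also surfaces a single address trying several accounts. The log line layout, the sample lines and the names LINE_RE and find_bursts are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The layout (timestamp, level, message with user
# and source address) is an assumption; adapt LINE_RE to the real formatter.
SAMPLE_LOG = """\
2024-05-02 08:14:03,120 WARNING Invalid password for user 'drgarcia' from 203.0.113.7
2024-05-02 08:14:09,481 WARNING Invalid password for user 'drgarcia' from 203.0.113.7
2024-05-02 08:14:15,002 INFO Login succeeded for user 'enfermera1' from 198.51.100.4
2024-05-02 08:14:21,377 WARNING Invalid password for user 'admin' from 203.0.113.7
2024-05-02 08:14:30,910 WARNING Invalid password for user 'drgarcia' from 203.0.113.7
2024-05-02 09:40:12,000 WARNING Invalid password for user 'enfermera1' from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \S+ "
    r"Invalid password for user '(?P<user>[^']*)' from (?P<ip>\S+)$"
)


def find_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {(kind, value): peak_count} for every username or source IP
    with at least `threshold` failures inside any `window`-long interval.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not a failed-login line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        for key in (("user", m["user"]), ("ip", m["ip"])):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= threshold:
                peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


if __name__ == "__main__":
    for (kind, value), count in sorted(find_bursts(SAMPLE_LOG.splitlines()).items()):
        print(f"{kind}={value}: peak of {count} failures inside the window")
```

Counting per source address as well as per username matters because a few guesses against each of many accounts never crosses a per-user threshold.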
Always deploy DataMed behind HTTPS to protect session cookies and credentials in transit.
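The password rules and the HTTPS advice above correspond to the Django settings below, given as an added configuration example rather than DataMed's actual config/settings.py. The validators and setting names are Django's own; the HSTS duration and the proxy header are assumptions about the deployment.

```python
# config/settings.py (added example; values marked "assumed" are illustrative)

# The four password rules listed above map one-to-one onto Django's stock
# validators. They only run where validate_password() is called (admin forms,
# createsuperuser, changepassword); User.objects.create_user() does not
# validate the password it is given.
AUTH_PASSWORD_VALIDATORS = [
    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
    {
        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
        "OPTIONS": {"min_length": 8},
    },
    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
]

# Only send session and CSRF cookies over HTTPS, and keep the session cookie
# out of reach of JavaScript.
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
CSRF_COOKIE_SECURE = True

# Redirect plain-HTTP requests and tell browsers to stay on HTTPS.
SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 31536000  # assumed: one year

# Behind a TLS-terminating proxy Django must be told how to recognise HTTPS
# requests (assumed deployment; only set this if the proxy sets the header).
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
```

Running python manage.py check --deploy reports which of the HTTPS-related settings are still missing.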
Regularly review who has is_staff and is_superuser access:
from django.contrib.auth.models import User

# List all superusers
User.objects.filter(is_superuser=True)

# List all staff users
User.objects.filter(is_staff=True)

Common Tasks

List All Users

from django.contrib.auth.models import User

for user in User.objects.filter(is_active=True):
    print(f"{user.username} - {user.get_full_name()} - Last login: {user.last_login}")

Find Users Without Recent Activity

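from datetime import timedelta

from django.contrib.auth.models import User
from django.db.models import Q
from django.utils import timezone

thirty_days_ago = timezone.now() - timedelta(days=30)
# last_login is NULL for accounts that have never logged in; a plain
# last_login__lt filter would silently skip them, so include them explicitly
inactive_users = User.objects.filter(is_active=True).filter(
    Q(last_login__lt=thirty_days_ago) | Q(last_login__isnull=True)
)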

Grant Staff Access

from django.contrib.auth.models import User

user = User.objects.get(username='drgarcia')
user.is_staff = True
user.save()

Next Steps

Configuration

Configure environment and security settings

Deployment

Deploy DataMed to production

API Authentication

Understand session-based authentication

Database Schema

Explore user relationships in the data model
