We've got an identity-aware proxy in our k8s cluster which passes user data (i.e. name, e-mail, groups) along to the Django app as request headers. These are used to get_or_create (and log in) an Employee object, which is our user model, in middleware.
is_staff will be set from is_superuser in the save() method of Employee, and I've verified that both fields are are True in the DB, but I'm still denied access...
Add comment