is_staff Boolean. Designates whether this user can access the admin site.

is_authenticated Read-only attribute which is always True (as opposed to AnonymousUser.is_authenticated which is always False). This is a way to tell if the user has been authenticated. This does not imply any permissions and doesn’t check if the user is active or has a valid session. Even though normally you will check this attribute on request.user to find out whether it has been populated by the AuthenticationMiddleware (representing the currently logged-in user), you should know this att

is_anonymous Read-only attribute which is always False. This is a way of differentiating User and AnonymousUser objects. Generally, you should prefer using is_authenticated to this attribute. Changed in Django 1.10: In older versions, this was a method. Backwards-compatibility support for using it as a method will be removed in Django 2.0.

is_active Boolean. Designates whether this user account should be considered active. We recommend that you set this flag to False instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break. This doesn’t necessarily control whether or not the user can log in. Authentication backends aren’t required to check for the is_active flag but the default backend (ModelBackend) and the RemoteUserBackend do. You can use AllowAllUsersModelBac

has_usable_password() Returns False if set_unusable_password() has been called for this user.

has_perms(perm_list, obj=None) Returns True if the user has each of the specified permissions, where each perm is in the format "<app label>.<permission codename>". If the user is inactive, this method will always return False. If obj is passed in, this method won’t check for permissions for the model, but for the specific object.

has_perm(perm, obj=None) Returns True if the user has the specified permission, where perm is in the format "<app label>.<permission codename>". (see documentation on permissions). If the user is inactive, this method will always return False. If obj is passed in, this method won’t check for a permission for the model, but for this specific object.

has_module_perms(package_name) Returns True if the user has any permissions in the given package (the Django app label). If the user is inactive, this method will always return False.

groups Many-to-many relationship to Group

get_username() Returns the username for the user. Since the User model can be swapped out, you should use this method instead of referencing the username attribute directly.