All geek questions in one place

Django Admin - User Access Restriction

I was wondering if the django admin page can be used for external users.

Say I have these models:

class Publisher(models.Model): admin_user = models.ForeignKey(Admin.User) .. class Publication(models.Model): publisher = models.ForeignKey(Publisher) ..

I'm not quite sure what admin_user is - maybe it could be the admin email address?

Anyway. Is there a way for an administrator user to add or edit / delete publications whose publisher is associated with this user?

-Thanks! -Chris

+4
source share
3 answers

If you need smaller permissions in your own applications, it should be noted that the Django administrative application supports this using the following methods, which can be overridden in subclasses of ModelAdmin. Note that all of these methods receive the current HttpRequest object as an argument, allowing you to configure it based on a specific authenticated user:

  • queryset(self, request): Should return a QuerySet for use in the list of objects for the model for admin. Objects that are not in this QuerySet will not be displayed.
  • has_add_permission(self, request): Should return True, if adding an object is allowed, False otherwise.
  • has_change_permission(self, request, obj=None): Should return True if editing obj is enabled, otherwise false. If obj is None, return True or False to indicate whether editing of objects of this type is allowed at all (for example, if False will be interpreted as meaning that the current user is not allowed to edit any object of this type).
  • has_delete_permission(self, request, obj=None): Must return True if obj exception is allowed, otherwise false. If obj is None, you should return True or False to indicate whether deleting objects of this type is allowed at all (for example, if False will be interpreted as meaning that the current user is not allowed to delete any object of this type).

[django.com]

+15
source

I see that Chris’s answer was useful the moment the question was asked. But now it's almost 2016, and I think it’s becoming easier for him to use the limited access of the Django Admin panel for the end user.

Django authentication system provides:

Groups. A common way to apply labels and permissions for multiple users.

If you can add specific permissions and apply this group to the user through the admin panel or using codes for writing.

After adding a user to these specific groups, the administrator needs to enable the is_staff flag for these users.

The user will be able to access the registered registered models in admin. Hope this helps.

+1
source

django admin may be limited to some extent. For this user, firstly, they must have administrator rights to access the admin site. Anyone who has this flag can view all admin pages. If you want to limit your viewing, you're out of luck, because it just isn't implemented. From there, each user has many permissions to create, update, and delete for each model on the administrator’s site. The most convenient way to handle this is to create groups and then assign permissions to groups.

0
source

Source: https://habr.com/ru/post/1286525/

More articles:


All Articles