I am kind of new to Django, and i am trying to make sort of a news website where users can submit articles(with an account) but the admin needs to check them before they can be posted. Is that possible?
Yes, it is.
The simplest approach would be creating simple flag in model let's say a Boolean field named verified, which by default would be False. You could add permissions. So in the end you could overwrite a function in your admin form, and show the field for superuser only.
class MyUserAdmin(admin.ModelAdmin):
def get_form(self, request, obj=None, **kwargs):
self.exclude = []
if not request.user.is_superuser:
self.exclude.append('Permissions') #here!
return super(MyUserAdmin, self).get_form(request, obj, **kwargs)
Related
I have articles that I manage via the admin section of Django.
My problem here is that I need to modify a field right after the administrator submited the form before it goes into database.
My specific need is to replace a part of a string with something else, but I don't know how to handle admin form submittions.
def save(self, *args, **kwargs):
self.title = 'someStuff' #Example
super().save(*args, **kwargs)
Here is the function to place under the model class. As simple as that
THE GOAL: Display a request-specific, read-only user_id on a django admin form when creating and updating a resource.
This display should be a readonly field (readonly, NOT disabled). The user_id displayed is derived from the requesting user (request.user) so the initial value is set from that.
Following this post, we should simply set it in the get_form method like so:
def get_form(self, request, obj=None, *args, **kwargs):
form = super(ProfileAdmin, self).get_form(request, *args, **kwargs)
form.base_fields['user'].initial = request.user
return form
However, user is no longer on the base_fields when it is readonly. In fact, I can't find it anywhere. Any thoughts?
Other posts suggest on save, which I intend to do, but I need it to show on the form before then.
You are right that making the field readonly excludes it from the base_fields.As mentioned in the docs :
Any fields in this option (which should be a list or tuple) will display its data as-is and non-editable; they are also excluded from the ModelForm used for creating and editing.
You could have define a method for it just like list_display but since you need to set user from the request, we need to have the request object, which isn't available in the method.
So for your use case, we can use formfield_for_foreignkey method as :
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'lend_by':
# setting the user from the request object
kwargs['initial'] = request.user.id
# making the field readonly
kwargs['disabled'] = True
return super().formfield_for_foreignkey(db_field, request, **kwargs)
Hope it helps.
I am starting to use Django and I have an issue trying to filter data based on user information. Let me explain how my app works. A User in my app belongs to a company. So I created a table called Company to capture company info. Then I created another table called UserCompany. Basically, it stores the Id from the Django User and the Id from my company table. Now, I want to filter data so that the user will see results filtered in the Django Admin based on their company id. He/She can only see data based on their company Id. I was able to figure this user out using get_queryset in admin.py. My only issue now is, the dropdown list that shows in admin as a result of foreign keys isn't being filtered. I did some research and found out about limit_choices_to. I can set that statically like this:
class Cleaner(models.Model):
company = models.ForeignKey('Company',limit_choices_to = {'companyname' = 'Test'}
The dropdown list in the admin section only shows the company Test. How can I do this dynamically? Do I do it in the model or do I do it in admin.py? Please help!
It's time to setup CustomAdmin for your models now. You will have to override formfield_for_foreignkey method of ModelAdmin
class CleanerAdmin(admin.ModelAdmin):
def formfield_for_foreignkey(self, db_field, request=None, **kwargs):
if db_field.name == "company":
kwargs["queryset"] = Company.objects.filter(name='Test')
return super(MyModelAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
admin.site.register(Cleaner, CleanerAdmin)
If there are session specific filter for which you need reference to logged in user object you also have reference to request object. You can write any logic here.
#admin.register(Cleaner)
class CleanerAdmin(admin.ModelAdmin):
def formfield_for_foreignkey(self, db_field, request=None, **kwargs):
if db_field.name == "company":
kwargs["queryset"] = db_field.related_model.objects.filter(name='Test')
return super(CleanerAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
I want to prevent logged-in users to access login and register forms.
I've build custom mixin, but it isn't working. The problem is that even if the user is logged in, he can access login and register forms instead of beeing redirected to homepage.
My Mixin
class MustBeAnonymousMixin(object):
''' Only anonymous users (not logged in) may access login and register
'''
def dispath(self, *args, **kwargs):
if not self.request.user.is_anonymous:
return redirect(reverse('homepage'))
return super(MustBeAnonymousMixin, self).dispatch(*args, **kwargs)
LoginFormView
class LoginFormView(MustBeAnonymousMixin, TemplateView):
'''
Display basic user login form
'''
template_name = 'members/login.html'
def get_context_data(self, **kwargs):
context = super(LoginFormView, self).get_context_data(**kwargs)
context['login_form'] = UserLoginForm()
return context
I'm using Django 1.8. What am I doing wrong?
For another case where mixin does not work:
Remember: "Mixin param" must stand before "GenericView param"
Correct:
class PostDelete(LoginRequiredMixin, generic.DeleteView):
Incorrect:
class PostDelete(generic.DeleteView, LoginRequiredMixin):
Fix the typo in dispath and use is_authenticated() instead of is_anonymous (as indicated in the previous answer already)
is_anonymous should be a function call, and you probably should not use it:
is_anonymous()
Always returns False. This is a way of differentiating User and
AnonymousUser objects. Generally, you should prefer using is_authenticated() to this method.
One of the functionalities in a Django project I am writing is sending a newsletter. I have a model, Newsletter and a function, send_newsletter, which I have registered to listen to Newsletter's post_save signal. When the newsletter object is saved via the admin interface, send_newsletter checks if created is True, and if yes it actually sends the mail.
However, it doesn't make much sense to edit a newsletter that has already been sent, for the obvious reasons. Is there a way of making the Newsletter object read-only once it has been saved?
Edit:
I know I can override the save method of the object to raise an error or do nothin if the object existed. However, I don't see the point of doing that. As for the former, I don't know where to catch that error and how to communicate the user the fact that the object wasn't saved. As for the latter, giving the user false feedback (the admin interface saying that the save succeded) doesn't seem like a Good Thing.
What I really want is allow the user to use the Admin interface to write the newsletter and send it, and then browse the newsletters that have already been sent. I would like the admin interface to show the data for sent newsletters in an non-editable input box, without the "Save" button. Alternatively I would like the "Save" button to be inactive.
You can check if it is creation or update in the model's save method:
def save(self, *args, **kwargs):
if self.pk:
raise StandardError('Can\'t modify bla bla bla.')
super(Payment, self).save(*args, **kwargs)
Code above will raise an exception if you try to save an existing object. Objects not previously persisted don't have their primary keys set.
Suggested reading: The Zen of Admin in chapter 17 of the Django Book.
Summary: The admin is not designed for what you're trying to do :(
However, the 1.0 version of the book covers only Django 0.96, and good things have happened since.
In Django 1.0, the admin site is more customizable. Since I haven't customized admin myself, I'll have to guess based on the docs, but I'd say overriding the model form is your best bet.
use readonlyadmin in ur amdin.py.List all the fields which u want to make readonly.After creating the object u canot edit them then
use the link
http://www.djangosnippets.org/snippets/937/
copy the file and then import in ur admin.py and used it
What you can easily do, is making all fields readonly:
class MyModelAdmin(ModelAdmin):
form = ...
def get_readonly_fields(self, request, obj=None):
if obj:
return MyModelAdmin.form.Meta.fields
else: # This is an addition
return []
As for making the Save disappear, it would be much easier if
has_change_permission returning False wouldnt disable even displaying the form
the code snippet responsible for rendering the admin form controls (the admin_modify.submit_row templatetag), wouldnt use show_save=True unconditionally.
Anyways, one way of making that guy not to be rendered :
Create an alternate version of has_change_permission, with proper logic:
class NoSaveModelAdminMixin(object):
def render_change_form(self, request, context, add=False, change=False, form_url='', obj=None):
response = super(NoSaveModelAdmin, self).render_change_form(request, context, add, change,form_url, obj)
response.context_data["has_change_permission"] = self.has_real_change_permission(request, obj)
def has_real_change_permission(self, request, obj):
return obj==None
def change_view(self, request, object_id, extra_context=None):
obj = self.get_object(request, unquote(object_id))
if not self.has_real_change_permission(request, obj) and request.method == 'POST':
raise PermissionDenied
return super(NoSaveModelAdmin, self).change_view(request, object_id, extra_context=extra_context)
Override the submit_row templatetag similar to this:
#admin_modify.register.inclusion_tag('admin/submit_line.html', takes_context=True)
def submit_row(context):
...
'show_save': context['has_change_permission']
...
admin_modify.submit_row = submit_row