As you know, when give a can_view permission to a staff user, that user can view entire fields and able to make changes in any fields if editable.
Is there any feature in Django to make some staff users to restrict to view change list but can't get in to record. I just want to make them use only actions in change_list that if I give specific permissions. Otherwise they must just see the list without doing anything.
I know there are options like customizing django admin template or override any admin template. But it takes to much time. I wonder if there is any solution without customize or override.
Related
In django-admin, we have 3 rules that we can attribute to a table we can add, modify and delete. When you choose for an user the rule of modify, he can't add and delete.
My problem is that a have list of object and I don't want that the user be able to modify but only choose.
How I can disable it?
It's complicated.
django-admin as the name suggests is intended for admins, who should be able to edit, delete and make new tables.
Maybe this topic will be helpful for you:
https://github.com/lambdalisue/django-permission/issues/67
View permissions in Django
I am trying to add a non-model form in django admin interface and am not able to find any particular way to do it. This form would do some processing and change some data in the DB. But this is not related to a particular Model and should stand out. This form should not be available for the user to use.
One thing I can do is add the form to the general view and prohibit using permissions but I was thinking since django admin interface already exists, it would be better to add that to the django admin interface.
Is this possible to do in Django?
You can add arbitrary views that within a ModelAdmin that do whatever you want. See the documentation for ModelAdmin.get_urls. You can do the same at a higher level by defining AdminSite.get_urls.
I want to every user who is staff be able to see one certain model of my app as it would be related to it.
Instead to overwrite the save function in that model to get every staff user and relate them to the instance of that model through a Forneign Key I want to modify the permissions of the staff users to allow them to see the instances of that especific model in the admin interface.
Any clues on how to do it?
Sounds like you need Object-level permissions. Take a look at django-guardian package https://github.com/django-guardian/django-guardian
Hi im really a noob at django.
Can i ask if there is anyway to filter list by user group?
When creating a user at admin, there is also choice for creating groups. After assigning these user to certain groups, i have another model e.g. Staff where Staff information is provided and is linked to the user. So very Staff must be a user and also must be member of the group staff. I have already created a drop down menu at Staff Page for the list of users when creating a new Staff.
The problem is that i cant seem to figure out how the list of users shown at staff page can be filtered according to the user group and also assignment since it should be OnetoOne relation w/ the user. So users who been used or is already linked to a certain staff will not show in that list again when creating a new Staff.
Im thinking of using Staff.model.count()? to do that and == the user to Staff User Group. but where should i out in order to customize it? please help
You should write your own ModelAdmin, then unregister User and register User with UserAdmin with your custom behaviour. This way you can overwrite the queryset, forms etc.. Look at the ModelAdmin source code
class UserAdmin(admin.ModelAdmin):
# do stuff
admin.site.unregister(User)
admin.site.register(User, UserAdmin)
I want to override the index view present in class AdminSite in django.contrib.admin.sites. What I want to do through this is I want to check here if user is superuser then show index.html template with all models otherwise if user is an normal staff user then show him/her a test.html template with different content.
The auth package lets you set up permissions on a model-by-model basis out of the box. There's not necessarily a need to override the view. See https://docs.djangoproject.com/en/dev/topics/auth/#permissions