Задать вопрос

Тел: +7 965 3737 888

480

Просмотров

4

Ответов

multiblog - a simple example of row-level permissions in the admin

From my talk this morning at PyCon UK 2008: a very simple multiple user blog model with an admin interface configured to only allow people to edit or delete entries that they have created themselves, unless they are a super user.

Вопрос полезен? Да0/Нет0
file_3359.py(1.3Кб)
None

Ответы (4):

Ответjheasly:08.01.2010
Ответ полезен? Да0/Нет0

@mambo;

About this line:

return form.base_fields['redirect'].queryset = Domain.objects.filter(userindomain__user = request.user)

... what is "userdomain"? A relation of some kind in the model "Domain"?

Ответmambo:01.06.2009
Ответ полезен? Да0/Нет0

Add following methods to your ModelAdmin and define filters for form and queryset.

class ModelAdmin(admin.ModelAdmin):
    def queryset(self, request):
        queryset = super(ModelAdmin, self).queryset(request)
        if request.user.is_superuser:
            return queryset
        return self.filter_user_queryset(queryset, request)

    def get_form(self, request, obj=None):
        form = super(ModelAdmin, self).get_form(request, obj)
        if request.user.is_superuser:
            return form
        return self.filter_user_form(form, request)

    def get_changelist_form(self, request, **kwargs):
        form = super(ModelAdmin, self).get_changelist_form(request, **kwargs)
        if request.user.is_superuser:
            return form
        return self.filter_user_form(form, request)

    def get_changelist_formset(self, request, **kwargs):
        formset = super(ModelAdmin, self).get_changelist_formset(request, **kwargs)
        if request.user.is_superuser:
            return formset
        formset.form = self.filter_user_form(formset.form, request)
        return formset

    def filter_user_form(self, form, request):
        return form

    def filter_user_queryset(self, queryset, request):
        return queryset

class MyAdmin(ModelAdmin):
    def filter_user_form(self, form, request):
        return form.base_fields['redirect'].queryset = Domain.objects.filter(userindomain__user = request.user)

    def filter_user_queryset(self, queryset, request):
        return queryset.filter(userindomain__user = request.user)

Ответatozand1to10:08.05.2009
Ответ полезен? Да0/Нет0

Facing the same problem as above. Has anyone figured it out yet? Please share.

Ответmemyselfandi:18.09.2008
Ответ полезен? Да0/Нет0

this works fine, but suppose you have the following case that your initial model has a foreign key to a different model, then filtering does not work. The normal user will still see all entries from all other users. In this case (assuming you use the same admin model that you proposed for both models) a normal user will only be able to see his entries and projects, but when he creates a new entry, he can choose from all projects, not only his own. Is there a way to submit a filter to ForeigKey?

class Entry(models.Model):
    title = models.CharField(max_length=255)
    body = models.TextField()
    created = models.DateTimeField(auto_now_add = True)
    author = models.ForeignKey('auth.User')
    project = models.ForeignKey(Project)

class Project(models.Model):
    title = models.CharField(max_length=255)
    body = models.TextField()
    created = models.DateTimeField(auto_now_add = True)
    author = models.ForeignKey('auth.User')

[HTML_REMOVED][HTML_REMOVED]