Задать вопрос

Тел: +7 965 3737 888





Row-Level, URL-based permissions for FlatPages

<p>I'm using Django's FlatPages, but I want to be able to restrict admin access to Users based on a FlatPage url.  For example,  User John Doe should be able to edit any FlatPage objects whose URL begins with /johndoe/ (such as /johndoe/about/ or /johndoe/projects/whatever/).</p>
<p>For this to work, John Doe would already need the appropriate admin permissions for FlatPage (such as can_add and can_change).</p>
<p>I have set this up as a separate <em>flatpage_addons</em> app.  It consists of the <strong>Permission</strong> model, which maps a starting URL to one or more django Users.  It consists of the minimal necessary admin code so Permissions can be created using the admin. </p>
<p>The bulk of this code consists of the <em>ifhasflatpagepermission</em> template tag as well as the <em>flatpage_result_list</em> inclusion tag. The former works much like django's existing <em>if</em>, <em>else</em>, <em>endif</em> tags while the latter is modified from the django admin's <em>result_list</em> inclusion tag.</p>
<p>This may not be the most elegant solution to my problem, but so far it works for me.  Any comments or suggestions are welcome!</p>

Вопрос полезен? Да0/Нет0

Ответы (2):

Ответ полезен? Да0/Нет0

bartTC, I'm assuming you meant the admin template part? I really didn't want to touch the flatpage code, so that's why I just override the template (which I'm doing for flatpages anyway). I'm sure this is not the best solution, but it solves my problems :)

Ответ полезен? Да0/Нет0

The admin part looks complicated to me. I guess it's enough to just overwrite the ModelAdmin.queryset method to filter the rows that the user has permission to.