Only show field in admin for superuser

[phoebebright]

I have a model with an owner field that I only want a superuser to be
able to change. I can't change the list of fields in form in admin.py
because there is not request.user to test at that time. If I were
using custom templates I could put it in the template, but would
rather stick to the standard admin.

If I add the field by default, Is there somewhere I could remove the
field as it's being loaded if the requesting user is not a superuser?
Any ideas gratefully received!


THIS DOES NOT WORK:

if request.user.is_superuser:
fieldsets = [
(None, {'fields':
['tourism','community','cat','name','is_live','paid','owner']}),
('Contact', {'fields':
['phone','mobile','fax','email','web','address']}),
('Details', {'fields':
['description','pic1','pic2','pic3','pic4']}),
]
else:
fieldsets = [
(None, {'fields':
['tourism','community','cat','name','is_live','paid','owner']}),
('Contact', {'fields':
['phone','mobile','fax','email','web','address']}),
('Details', {'fields':
['description','pic1','pic2','pic3','pic4']}),
]

[Zain Memon]

You can override the ModelAdmin.save_model() method to check if the current user has permission to change the owner. 

Take a look at http://www.b-list.org/weblog/2008/dec/24/admin/ to see an example.

[phoebebright]

Zain,

Thanks for responding.
I would really prefer not to show the field at all - I don't want
ordinary users being able to see a list of all the users on the
system!

Phoebe

On Apr 23, 9:42 am, Zain Memon <z...@inzain.net> wrote:
> You can override the ModelAdmin.save_model() method to check if the current
> user has permission to change the owner.

> Take a look athttp://www.b-list.org/weblog/2008/dec/24/admin/to see an
> example.

[Zain Memon]

In that case, try overriding ModelAdmin.get_fieldsets(); add the owner field to self.fieldset if request.user.is_superuser, and then call super.get_fieldsets(). 

For reference, you can find get_fieldsets() (and other beautiful things you can override) in django/contrib/admin/options.py. 

[phoebebright]

That just what I needed! Many thanks.
Here is the code that worked for me:

class WhoAdmin(admin.ModelAdmin):

fields = ('name','owner')

def get_fieldsets(self, request, obj=None):

fs = super(WhoAdmin, self).get_fieldsets(request, obj)
# only allow superusers to see/change owner
fields=list(fs[0][1]['fields'])


if not request.user.is_superuser:
fields.remove('owner')

return [(None, {'fields': tuple(fields)})]

def queryset(self, request):
if request.user.is_superuser:
return Who.objects.all()
else:
return Who.objects.filter(owner=request.user)

class Meta:
model = Who

admin.site.register(Who,WhoAdmin)

On Apr 23, 12:06 pm, Zain Memon <z...@inzain.net> wrote:
> In that case, try overriding ModelAdmin.get_fieldsets(); add the owner field
> to self.fieldset if request.user.is_superuser, and then call
> super.get_fieldsets().
> For reference, you can find get_fieldsets() (and other beautiful things you
> can override) in django/contrib/admin/options.py.
>

> On Thu, Apr 23, 2009 at 3:32 AM, phoebebright <phoebebri...@spamcop.net>wrote:
>
>
>
>
>
> > Zain,
>
> > Thanks for responding.
> > I would really prefer not to show the field at all - I don't want
> > ordinary users being able to see a list of all the users on the
> > system!
>
> > Phoebe
>
> > On Apr 23, 9:42 am, Zain Memon <z...@inzain.net> wrote:
> > > You can override the ModelAdmin.save_model() method to check if the
> > current
> > > user has permission to change the owner.

> > > Take a look athttp://www.b-list.org/weblog/2008/dec/24/admin/tosee an

[phoebebright]

Just a postscript to this - this will fail if the field being left out
is a required field. The admin form will show an error but as the
field is missing you will not know what the error is. I think with
the new hidden_fields option, this will be a workaround.