Read Only by user in Django Admin

Hangloser Firestarter

unread,

Feb 8, 2015, 9:44:26 AM2/8/15

to django...@googlegroups.com

Hello.
I am using the admin backend of a system, but not all users of this backend can access all system models.
By default Django is the roles ADD, EDIT and DELETE, I wonder if anyone has customized the model auth.permission to generate a permission 'read only' to Django Admin? Or if you have used any APP to do that.

Thank

Edgar Gabaldi

unread,

Feb 8, 2015, 9:50:32 AM2/8/15

to django...@googlegroups.com

The ModelAdmin has a method get_readonly_fields [1]. You can override this method and check a custom permission[2].

[1] https://docs.djangoproject.com/en/1.7/ref/contrib/admin/#django.contrib.admin.ModelAdmin.get_readonly_fields

[2] https://docs.djangoproject.com/en/1.7/ref/models/options/#permissions

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/977d9fa7-0f27-4346-8322-e7938f263fac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hangloser Firestarter

unread,

Feb 8, 2015, 9:55:28 AM2/8/15

to django...@googlegroups.com

Gabaldi.

Can I integrate this get_readonly_fields with auth.groups?

And show whitelisted django admin.

Edgar Gabaldi

unread,

Feb 8, 2015, 10:16:34 AM2/8/15

to django...@googlegroups.com

In the get_readonly_fields, you have access to the request.user, you can check the permission inside the method, something like that:

def get_readonly_fields(self, request, obj=None):

if obj and not request.user.has_perm('your_app.your_custom_permission'):

# return a tuple with all fields that needs to be read only.

return None

You can add your custom permission to a group.

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/e376a4ce-dd8d-4ba9-9dbd-f0fbfc96bd96%40googlegroups.com.

Hangloser Firestarter

unread,

Feb 8, 2015, 2:15:42 PM2/8/15

to django...@googlegroups.com

Solved.

In __init__.py
...
from django.db.models.signals import post_syncdb
from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import Permission

def add_view_permissions(sender, **kwargs):
    """
    This syncdb hooks takes care of adding a view permission too all our
    content types.
    """
    # for each of our content types
    for content_type in ContentType.objects.all():
        # build our permission slug
        codename = "view_%s" % content_type.model

        # if it doesn't exist..
        if not Permission.objects.filter(content_type=content_type, codename=codename):
            # add it
            Permission.objects.create(content_type=content_type,
                                      codename=codename,
                                      name="Can view %s" % content_type.name)
            print("Added view permission for %s" % content_type.name)

# check for all our view permissions after a syncdb
post_syncdb.connect(add_view_permissions)
...

In admin.py
...
class MyAdmin(admin.ModelAdmin):
    def has_change_permission(self, request, obj=None):
        ct = ContentType.objects.get_for_model(self.model)
        salida = False
        if request.user.is_superuser:
            salida = True
        else:
            if request.user.has_perm('%s.view_%s' % (ct.app_label, ct.model)):
                salida = True
            else:
                if request.user.has_perm('%s.change_%s' % (ct.app_label, ct.model)):
                    salida = True
                else:
                    salida = False
        return salida

    def get_readonly_fields(self, request, obj=None):
        ct = ContentType.objects.get_for_model(self.model)
        if not request.user.is_superuser and request.user.has_perm('%s.view_%s' % (ct.app_label, ct.model)):
            return [el.name for el in self.model._meta.fields]
        return self.readonly_fields
...

in models.py
...
class City(models.Model):
    nome_cidade = models.CharField(max_length=100)
    estado_cidade = models.CharField(max_length=100)
    pais_cidade = models.CharField(max_length=100)

    def __str__(self):
        return self.nome_cidade

    class Meta:
        permissions = (
            ('view_city', 'Can view city'),
        )
...

Thank's for help!

Naveen Kumar

unread,

Oct 24, 2016, 8:49:27 AM10/24/16

to Django users

Hello,

This looks perfect when i don't have any fields in list_editable.

This code is not working with list_editable.

Derek

unread,

Oct 24, 2016, 9:26:29 AM10/24/16

to Django users

Would it be possible to add these extra admin methods into a parent class; and then have all your individual model admins inherit from it? Ditto for the models.py

Luis Zárate

unread,

Oct 25, 2016, 2:04:23 PM10/25/16

to django...@googlegroups.com

I don't know why Django doesn't support readonly view, various proposal was summit and always was reject.

Django Admin needs Readonly View functionality for a complete implementation of CRUD.

There is a lot of scenarios where you need readonly view for your staff. And yes you can implement a readonly in django admin without modify django core admin with some tricks.

I

--

You received this message because you are subscribed to the Google Groups "Django users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.

To post to this group, send email to django...@googlegroups.com.

Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/74f952fe-f0f5-4fb3-abd4-d6736cbd2743%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

"La utopía sirve para caminar" Fernando Birri

Olivier Dalang

unread,

Oct 28, 2016, 10:35:52 AM10/28/16

to django...@googlegroups.com

Hi,

The following PR is ready to merge and implements this: https://github.com/django/django/pull/6734

I will squash the commits as soon as I'm back in the office (next week) and it will probably be merged soon.

Bests

Olivier

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAG%2B5VyMVxD7n3FoJf%3D8xgweBAXueK6qv5tUAQhe_Dg8A%2B6ZLLQ%40mail.gmail.com.

Juan Corrales Araya

unread,

Feb 20, 2017, 8:53:53 PM2/20/17

to Django users

Hi.

The answer is very simple.
you have to install django-admin-view-permission

then you have to added on setting

INSTALLED_APPS = [

...

'admin_view_permission',

...

]

finally you have to run: python manage.py migrate

You will see that the permission will already be available in the admin panel.

For more information see the package web page:

http://django-admin-view-permission.readthedocs.io/en/latest/index.html

Reply all

Reply to author

Forward