ModelAdmin.has_change_permission gives 403
92 views
Skip to first unread message
Mike Dewhirst
Nov 25, 2014, 8:00:42 PM11/25/14
to django...@googlegroups.com
From the docs ...
https://docs.djangoproject.com/en/1.6/ref/contrib/admin/#django.contrib.admin.ModelAdmin.has_change_permission
... is working nicely except it just pops up a standard error page 403
Forbidden when it returns False.
How can I intercept this in the Admin and treat it like an error
displayed like all the other validation errors generated from the
model.clean() method???
I'd like to raise a business rule violation exception on saving the model.
Thanks for any hints
Mike
https://docs.djangoproject.com/en/1.6/ref/contrib/admin/#django.contrib.admin.ModelAdmin.has_change_permission
... is working nicely except it just pops up a standard error page 403
Forbidden when it returns False.
How can I intercept this in the Admin and treat it like an error
displayed like all the other validation errors generated from the
model.clean() method???
I'd like to raise a business rule violation exception on saving the model.
Thanks for any hints
Mike
Mike Dewhirst
Nov 25, 2014, 10:20:33 PM11/25/14
to django...@googlegroups.com
On 26/11/2014 11:59 AM, Mike Dewhirst wrote:
> From the docs ...
>
> https://docs.djangoproject.com/en/1.6/ref/contrib/admin/#django.contrib.admin.ModelAdmin.has_change_permission
>
> ... is working nicely except it just pops up a standard error page
> 403 Forbidden when it returns False.
Actually, I must have changed my code and refreshed an already rendered
> From the docs ...
>
> https://docs.djangoproject.com/en/1.6/ref/contrib/admin/#django.contrib.admin.ModelAdmin.has_change_permission
>
> ... is working nicely except it just pops up a standard error page
> 403 Forbidden when it returns False.
form when I thought it was working. Just clicking on the wrong model in
the admin list pops up a 403 Forbidden page. It looks like
ModelAdmin.has_change_permission() must return True to render the change
form.
Maybe someone can tell me how to make a model read-only for certain
users based on their relationship with the model?
To elaborate somewhat, a company owns a substance displayed on a page in
the admin and any user should be able to see it but only users who are
members of the same company may change or delete it.
Thanks
Simon Charette
Nov 26, 2014, 8:08:50 AM11/26/14
to django...@googlegroups.com
In order to make a model admin read only I suggest you make sure `get_readonly_fields()` return all of them.
Simon
from django.contrib.admin.utils import flatten_fieldsets
def get_readonly_fields(request, obj=None):
# Put your business logic here to determine whether or not
# the whole model should be read-only based on request.user
# and obj.
return flatten_fieldsets(self.get_fieldsets(request, obj))
Simon
Mike Dewhirst
Nov 26, 2014, 8:42:30 AM11/26/14
to django...@googlegroups.com
Simon
Thank you. Yes I had thought that if/else was a last resort possibility. However, one of the nice features I wanted to retain is "Save as" to let a user copy the records. By the way there are many 1:1 and 1:n records connected to substance.
I haven't seen flatten_fieldsets before so I'll look at that.
Cheers
Mike
Thank you. Yes I had thought that if/else was a last resort possibility. However, one of the nice features I wanted to retain is "Save as" to let a user copy the records. By the way there are many 1:1 and 1:n records connected to substance.
I haven't seen flatten_fieldsets before so I'll look at that.
Cheers
Mike
Reply all
Reply to author
Forward
0 new messages