Object Level Permissions in Django Admin

I have a model that looks like this:

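class Change(models.Model):
    """A change record; ``Plan_Owner`` is the user the record belongs to."""

    RFC = models.CharField(max_length=10)
    Ticket_Number = models.CharField(max_length=10)
    # on_delete is spelled out: it is a required argument from Django 2.0 on,
    # and CASCADE is what older versions applied implicitly.
    # The owner-only edit rule is decided by this field.
    Plan_Owner = models.ForeignKey(User, on_delete=models.CASCADE)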

Then I will register the model with the Django admin using this:

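class ChangeAdmin(admin.ModelAdmin):
    """Admin options for Change: list columns, search and the edit form layout.

    Nothing here restricts access per row: any staff user holding the model's
    change or delete permission can edit or delete every Change.
    """

    # search_fields entries must resolve to text columns; a ForeignKey has to
    # be followed to a field on the related model, otherwise the search box
    # raises a lookup error.
    # NOTE(review): assumes User has a ``username`` field (true for
    # django.contrib.auth's User) - confirm if a custom user model is used.
    search_fields = ('RFC', 'Ticket_Number', 'Plan_Owner__username')
    list_display = ('RFC', 'Ticket_Number', 'Plan_Owner')

    fieldsets = [
        ('Ticket Details', {
            'fields': ['RFC', 'Ticket_Number', 'Plan_Owner']}),
    ]


# Expose Change in the admin site with the options above.
admin.site.register(Change, ChangeAdmin)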

I want to ensure that the Plan_Owner of a particular change is the only one who can edit it, apart from the superuser. Everyone can view it, but the owner of the plan is the only one who can make changes to it. Also, by editing I mean that he can do anything except delete the row. I looked at django-guardian and it does exactly what I want, but I need to manually set the guardian permissions for each row. I am looking for a solution in which these permissions are set automatically according to my requirements ...


- , . owner ForeignKey ( Plan_Owner - , Plan_Owner Ticket_Number Ticket_Number pep 8 django).

, , django:

http://spapas.imtqy.com/2013/11/05/django-authoritiy-data/

, , , , .

:

, CBV , ( , UserData:

class UserDataCreateView(CreateView):
    """Create a UserData row, handing the current request to the form."""

    model = models.UserData

    def get_form_kwargs(self):
        """Return the default form kwargs plus ``request``.

        The form class in use must accept a ``request`` keyword argument;
        the form reads the owner from it instead of from submitted data.
        """
        form_kwargs = super(UserDataCreateView, self).get_form_kwargs()
        form_kwargs['request'] = self.request
        return form_kwargs

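class UserDataDetailView(DetailView):
    """Show one object, but only to the user who owns it.

    NOTE(review): no ``model`` or ``queryset`` is declared in this excerpt;
    a DetailView needs one of them to look the object up.
    """

    def get_object(self, queryset=None):
        """Return the requested object, or raise Http404 for non-owners."""
        obj = super(UserDataDetailView, self).get_object(queryset)
        # The ownership helper on this page is defined as has_access(obj, req);
        # calling it under any other name fails with NameError.
        # Answering 404 rather than 403 keeps a non-owner from learning that
        # the object exists.
        if not has_access(obj, self.request):
            raise Http404(u"Access Denied")
        return obj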

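class UserDataUpdateView(UpdateView):
    """Edit an object, but only for the user who owns it."""

    # NOTE(review): the create view and the form on this page use
    # models.UserData; confirm that AuthorityData is the intended model here.
    model = models.AuthorityData

    def get_form_kwargs(self):
        """Return the default form kwargs plus ``request``.

        The form class in use must accept a ``request`` keyword argument.
        """
        kwargs = super(UserDataUpdateView, self).get_form_kwargs()
        kwargs.update({'request': self.request})
        return kwargs

    def get_object(self, queryset=None):
        """Return the object to edit, or raise Http404 for non-owners.

        UpdateView calls get_object() for both GET and POST, so the check
        covers rendering the form and submitting it.
        """
        obj = super(UserDataUpdateView, self).get_object(queryset)
        # The ownership helper on this page is defined as has_access(obj, req);
        # calling it under any other name fails with NameError.
        # Answering 404 rather than 403 keeps a non-owner from learning that
        # the object exists.
        if not has_access(obj, self.request):
            raise Http404(u"Access Denied")
        return obj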

, request.user ( ), request ModelForm. has_access, , , :

def has_access(obj, req):
    """Tell whether the user making ``req`` is the owner of ``obj``.

    Only equality between ``req.user`` and ``obj.owner`` is tested; no other
    role (superuser, staff) is granted access here.
    """
    return bool(req.user == obj.owner)

Yot ModelForm ( /):

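class UserDataModelForm(forms.ModelForm):
    """ModelForm for UserData that takes ``owner`` from the request.

    ``owner`` is excluded from the form fields, so a submitted value cannot
    choose the owner; it is always the user attached to the request.
    """

    class Meta:
        model = models.UserData
        exclude = ('owner',)

    def __init__(self, *args, **kwargs):
        """Take the ``request`` keyword out of kwargs before the base init."""
        # The base ModelForm does not accept ``request``, so it is popped here.
        self.request = kwargs.pop('request', None)
        # super() has to name this class for the lookup to resolve.
        super(UserDataModelForm, self).__init__(*args, **kwargs)

    def save(self, force_insert=False, force_update=False, commit=True):
        """Build the instance, set its owner to the requesting user, and save.

        With ``commit=False`` the instance is returned unsaved and the caller
        is responsible for ``obj.save()`` and ``form.save_m2m()``.
        ``force_insert`` and ``force_update`` are accepted but not used.
        """
        obj = super(UserDataModelForm, self).save(commit=False)
        # If the view did not pass ``request`` this raises AttributeError
        # before anything is written, so no row is stored without an owner.
        # NOTE(review): this also runs on edits, so whoever submits the form
        # becomes the owner; that is a no-op only while the views limit
        # editing to the current owner.
        obj.owner = self.request.user
        if commit:
            obj.save()
            # save(commit=False) above deferred many-to-many data to save_m2m().
            self.save_m2m()
        return obj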

request kwargs , reqest.user.


, get_queryset() ModelAdmin. get_queryset() - , . , Change.objects.all() get_queryset(), Change . Change.objects.none() get_queryset(), Change .

, get_queryset().

, , . get_queryset() queryset, , QuerySet, all() .

get_queryset() ChangeAdmin.

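class ChangeAdmin(admin.ModelAdmin):
    """Admin for Change in which non-superusers only reach rows they own.

    The restriction lives in get_queryset(), which the admin uses for the
    change list and for looking up the object on the change and delete pages.
    Rows owned by someone else are therefore hidden, not merely read-only.
    A "visible to everyone, editable by the owner, never deletable" policy
    needs the has_change_permission() / has_delete_permission() hooks, which
    receive the object, in addition to or instead of this filter.
    """

    model = Change
    # A ForeignKey in search_fields has to be followed to a text field on the
    # related model, otherwise the search box raises a lookup error.
    # NOTE(review): assumes User has a ``username`` field - confirm if a
    # custom user model is used.
    search_fields = ('RFC', 'Ticket_Number', 'Plan_Owner__username')
    list_display = ('RFC', 'Ticket_Number', 'Plan_Owner')

    # NOTE(review): Plan_Owner stays editable in this form, so an owner can
    # reassign a row to another user and a non-superuser can create a row
    # owned by someone else.
    fieldsets = [
        (
            'Ticket Details', {
                'fields': ['RFC', 'Ticket_Number', 'Plan_Owner']
            }
        ),
    ]

    def get_queryset(self, request):
        """Return all rows for superusers, otherwise only the user's own rows."""
        # Start from the admin's own queryset so its default ordering is kept.
        queryset = super(ChangeAdmin, self).get_queryset(request)
        if request.user.is_superuser:
            return queryset
        # The lookup must use the model's field name, Plan_Owner. No blanket
        # except around it: a misspelled lookup should fail loudly instead of
        # silently producing an empty list.
        return queryset.filter(Plan_Owner=request.user)


admin.site.register(Change, ChangeAdmin)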

, , Change. , " Change ( Plan_Owner of Change), .
