Login/Register
Django Admin - Allow models to be shown for is_staff users
Asked Answered
djangodjango-admindjango-admin-actions
D

3

5

I need to make some Django models available for is_staff=True users in the Django admin interface. I do not want to go for each user and assign them permissions or group permissions to the staff users.

Which method do I need to override in ModelAdmin or BaseModelAdmin class or is there any other simpler way? I am using Django 1.4 Version

Disinherit answered 2/1, 2016 at 12:3 Comment(3)
I don't understand. You would like restrict some model only for "staff" but you don't wont precise which users are "staff"? So how it will work?Essary
I will use is_staff from the auth_user model to determine which users are staff. I have a requirement where the staff users (is_staff=True in auth_user model) should also perform CRUD operation on a specific model.Disinherit
so use staff_member_required decorator, but first they must belong to this group, but you wrote that you do not want to enter in each USER and add it to the group.Essary
H
6
class TeacherAdmin(admin.ModelAdmin):
    def has_add_permission(self, request):
        return True
    def has_change_permission(self, request, obj=None):
        return True
    def has_module_permission(self, request):
        return True

has_module_permission checks if the model can be listed in the app labels table

Hagride answered 6/10, 2017 at 8:35 Comment(1)
This seems to be the right answer. At least in the case where you want to use the is_staff flag as a blanket permission for viewing a specific ModelAdmin. I use this has_module_permission in combination with the mixin mentioned by @mishbah.Noontime
S
5

Something like this should work:

class StaffRequiredAdminMixin(object):

    def check_perm(self, user_obj):
        if not user_obj.is_active or user_obj.is_anonymous():
            return False
        if user_obj.is_superuser or user_obj.is_staff:
            return True
        return False

    def has_add_permission(self, request):
        return self.check_perm(request.user)

    def has_change_permission(self, request, obj=None):
        return self.check_perm(request.user)

    def has_delete_permission(self, request, obj=None):
        return self.check_perm(request.user)

and all ModelAdmin(s) should inherit this class. For example:

class MyModelAdmin(StaffRequiredAdminMixin, admin.ModelAdmin):
    pass

admin.site.register(MyModel, MyModelAdmin)

Please note, this code is untested.

Serow answered 3/1, 2016 at 18:26 Comment(2)
You code looks perfectly fine. but the model does not get listed in the admin template of a staff user until and unless I specifically provide its permission in the permission table. I just wanted to by-pass the assigning permission/group permissions. This code will come into picture once I have that model listed in my admin template for a staff user.Disinherit
Keep in mind that the mixin has to be the first, since the priority of how methods are resolved is from left to right.Mitziemitzl
E
2

The staff_member_required decorator

staff_member_required(redirect_field_name='next', login_url='admin:login') [source]

This decorator is used on the admin views that require authorization. A view decorated with this function will having the following behavior:

If the user is logged in, is a staff member (User.is_staff=True), and is active (User.is_active=True), execute the view normally.

Otherwise, the request will be redirected to the URL specified by the login_url parameter, with the originally requested path in a query string variable specified by redirect_field_name. For example: /admin/login/?next=/admin/polls/question/3/.

Example usage:

from django.contrib.admin.views.decorators import staff_member_required

@staff_member_required
def my_view(request):
    ...
Essary answered 2/1, 2016 at 12:15 Comment(3)
I have to make use of django admin system. I do not call any view function since I am using Django's Admin Interface.Disinherit
this is admin view decoratorEssary
how do I see those models in django admin interface when I login to my website 127.0.0.1:8287/admin and my user is a staff user (is_staff=True). I only see for this user - "You don't have permission to edit anything". but for admin use (is_admin=True) I see the list of all models registered.Disinherit

© 2022 - 2024 — McMap. All rights reserved.