Reputation: 87261
Django admin - limiting access to objects based on the user logged in
I'm working on creating a simple website for an exhibition. It's intended to use django with django CMS as much as possible - so Django admin site will be used.
Now I want to limit user's access to objects they can view/modify/delete.
There's going to be an Admin user, who can do all that admin can in django. But there are going to be Exhibitor types of users, who should be able to only see/modify their own objects (like - Page and Offer, they both would have an ID of the Exhibitor who's their owner).
Can this be done on the model level in django? Best would be to have some method that would take a logged-in-user instance and return the list of objects that this user can see.
Upvotes: 1
Views: 1084
Answers (1)
Reputation: 56418
There used to be a Row level permissions branch but it appears to have died off before gaining any traction or hope of being included into the trunk, so unfortunately that is out. That link does, however, give you a bit of a hint as to how they claim the admin app currently supports it via the ModelAdmin class.
Upvotes: 2
Related Questions
- How to restrict certain fields in a model based on the user in django
- Django Admin: Show different models to different users
- Django: restrict user access to their own objects only
- Allowing a user to access specific models in admin
- Filter django admin by logged in user
- Django admin -- restricting access by user
- Specialized admin sees subset of objects, based on user
- Admin view access to other normal users in django
- Django admin- constrain visibility of models and model instances based on who logged in
- Django admin - Restrict user view by permission