V1n0d

Reputation: 217

Django Admin adding permission to staff user doesn't work

I'm building a system where I need the super admin to be able to create groups and set a different set of permissions for different groups.

Let's say I'm building a library management system.

I have extended my django User model and created a custom django user named LibraryUser.

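import datetime

from django.contrib.auth.models import AbstractBaseUser, BaseUserManager, Group, Permission
from django.core.mail import send_mail
from django.db import models
from django.utils import timezone
from django.utils.translation import gettext_lazy as _


class LibraryUser(AbstractBaseUser):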
    groups = models.ManyToManyField(Group, verbose_name=_('groups'),blank=True,
        related_name="tmp_user_set", related_query_name="user")
    user_permissions = models.ManyToManyField(Permission,
        verbose_name=_('user permissions'), blank=True,
        related_name="tmp_user_set", related_query_name="user")
    # username = models.CharField(_('username'), max_length=30, unique=True,
    #     validators=[
    #         validators.RegexValidator(re.compile('^[\w.@+-]+$'), _('Enter a valid username.'), _('invalid'))
    #     ])
    first_name = models.CharField(_('first name'), max_length=30, blank=True, null=True)
    last_name = models.CharField(_('last name'), max_length=30, blank=True, null=True)
    email = models.EmailField(_('email address'), max_length=255, unique=True)
    is_staff = models.BooleanField(_('staff status'), default=False)
    is_active = models.BooleanField(_('active'), default=False)
    is_superuser = models.BooleanField(_('admin'), default=False)
    date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
    receive_newsletter = models.BooleanField(_('receive newsletter'), default=False)
    facebook_id = models.CharField(max_length=30, blank=True)
    activation_key = models.CharField(max_length=40, blank=True)
    reset_password_key = models.CharField(max_length=40, blank=True)
    # NOTE: this default is evaluated once, when the module is imported, not per row.
    key_expires = models.DateTimeField(default=datetime.datetime.now() + datetime.timedelta(days=1))
    is_email_verified = models.BooleanField(default=False)
    objects = LibraryUserManager()

    USERNAME_FIELD = 'email'

    class Meta:
        verbose_name = _('user')
        verbose_name_plural = _('users')

    def get_full_name(self):
        full_name = '%s %s' % (self.first_name, self.last_name)
        return full_name.strip()

    def get_short_name(self):
        return self.first_name

    def email_user(self, subject, message, from_email=None):
        send_mail(subject, message, from_email, [self.email])

    def has_perm(self, perm, obj=None):
        return self.is_superuser

    def has_module_perms(self, app_label):
        return self.is_superuser

I have LibraryUserManager extended from BaseUserManager and created a create_staffuser function which helps in creating a staff user.

class LibraryUserManager(BaseUserManager):

    def _create_user(self, email, password, is_staff, is_superuser, **extra_fields):
        now = timezone.now()
        email = self.normalize_email(email)
        user = self.model( email=email, is_staff=is_staff,
                          is_active=False, is_superuser=is_superuser, last_login=now,
                          date_joined=now, **extra_fields)
        user.set_password(password)
        user.is_active = True
        user.save(using=self._db)
        return user

    def create_user(self, email=None, password=None, **extra_fields):
        return self._create_user(email, password, False, False, **extra_fields)

    def create_staffuser(self, email=None, password=None, **extra_fields):
        user = self._create_user( email, password, True, False, **extra_fields)
        user.is_staff = True
        user.save(using=self._db)
        return user

    def create_superuser(self, email, password, **extra_fields):
        user = self._create_user( email, password, True, True, **extra_fields)
        user.is_superuser = True
        user.save(using=self._db)
        return user

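    def update_user_details(self, email, first_name, last_name):
        # get() raises DoesNotExist instead of returning None, so use
        # filter().first() to keep the "return None if missing" behaviour.
        user = self.filter(email=email).first()

        if user is not None:
            user.first_name = first_name
            user.last_name = last_name
            user.save()  # the original referenced save without calling it
            return user
        return None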

And I have two groups named manager and editor with corresponding permissions. So when I log in as my superuser and set some group permissions for the other user, I can see the group and corresponding permissions get updated in their profile.

But when I log in from the staff account I'm seeing the following message:

Site administration

You don't have permission to edit anything.

Please let me know if I'm missing something.

Upvotes: 0

Views: 1796

Answers (1)

Daniel Roseman

Reputation: 599956

You've overridden has_perm, which checks if the user has the permission to edit something, to only return True if the user is a superuser. So a non-superuser will never have any permissions in the admin interface.

If that's not what you want, don't do that.

Upvotes: 4
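
A Django-free model of the checks discussed in the answer above, added here as an example (it is not part of the original answer and not Django's own code): the admin index lists a model only when the user's `has_module_perms` and `has_perm` return True, so the question's overrides hide everything from a non-superuser. The `Account` classes, the registry and the `editor` group are constructed for illustration; `DelegatingAccount` approximates what Django's `PermissionsMixin` with the default `ModelBackend` does.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    """Constructed stand-in for LibraryUser; perms are 'app_label.codename'."""
    is_active: bool = True
    is_staff: bool = False
    is_superuser: bool = False
    user_perms: set = field(default_factory=set)
    group_perms: dict = field(default_factory=dict)  # group name -> perms

    def all_perms(self):
        # Direct plus group-granted permissions; inactive accounts get none.
        return self.user_perms.union(*self.group_perms.values()) if self.is_active else set()

class OverriddenAccount(Account):
    """The overrides from the question: assigned permissions are ignored."""
    def has_perm(self, perm, obj=None):
        return self.is_superuser
    def has_module_perms(self, app_label):
        return self.is_superuser

class DelegatingAccount(Account):
    """Checks that consult assigned permissions (PermissionsMixin-style)."""
    def has_perm(self, perm, obj=None):
        return (self.is_active and self.is_superuser) or perm in self.all_perms()
    def has_module_perms(self, app_label):
        return (self.is_active and self.is_superuser) or any(
            p.split(".", 1)[0] == app_label for p in self.all_perms())

def admin_index(user, registry):
    """Return {app_label: [model, ...]} that the index page would list."""
    visible = {}
    if not (user.is_active and user.is_staff):
        return visible
    for app_label, model in registry:
        perms = [f"{app_label}.{a}_{model}" for a in ("add", "change", "delete", "view")]
        if user.has_module_perms(app_label) and any(map(user.has_perm, perms)):
            visible.setdefault(app_label, []).append(model)
    return visible

REGISTRY = [("library", "book"), ("library", "loan"), ("auth", "group")]  # constructed
EDITOR = {"editor": {"library.change_book", "library.view_book"}}  # constructed

def demo():
    kw = dict(is_staff=True, group_perms=EDITOR)
    return (admin_index(OverriddenAccount(**kw), REGISTRY),
            admin_index(DelegatingAccount(**kw), REGISTRY))
```

In Django itself, the delegating behaviour comes from inheriting `django.contrib.auth.models.PermissionsMixin` and not overriding `has_perm` or `has_module_perms`.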
