Reputation: 5187
"you don't have permission to edit anything" on custom AdminSite if user is not superuser
I wan't to have multiple AdminSite on my Django project and I don't want to give every user the superuser role just to see and edit the models of the application.
Here is the layout of my project:
> djangoApp
> djangoApp
- settings.py
- etc...
> AAA
- admin.py
- urls.py
- etc..
> BBB
- admin.py
- urls.py
- etc..
> CCC
- admin.py
- urls.py
- etc..
> ressources
- models.py
- etc..
> core
- admin.py
- auth.py
- models.py
- views.py
Here is the admin.py of BBB (I use a different database for each AdminSite):
from django.contrib import admin
from django.contrib.admin import AdminSite, site
from core.admin import UserAuthenticationForm
from ressources.models import Adresse
class BBBAdminSite(AdminSite):
site_header = 'BBB admin'
login_form = UserAuthenticationForm
login_template = "core/login.html"
def has_permission(self,request):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
class AdminModel(admin.ModelAdmin):
using = 'DATABASE_NAME'
def has_add_permission(self, request):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
def has_change_permission(self, request, obj=None):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
def has_delete_permission(self, request, obj=None):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
def save_model(self, request, obj, form, change):
user = request.user
obj.account_id = user.account_id
obj.save(using=self.using)
def delete_model(self, request, obj):
obj.delete(using=self.using)
def get_queryset(self, request):
return super(AdminModel, self).get_queryset(request).using(self.using)
def formfield_for_foreignkey(self, db_field, request=None, **kwargs):
return super(AdminModel, self).formfield_for_foreignkey(db_field, request=request, using=self.using, **kwargs)
def formfield_for_manytomany(self, db_field, request=None, **kwargs):
return super(AdminModel, self).formfield_for_manytomany(db_field, request=request, using=self.using, **kwargs)
bbbAdmin = BBBAdminSite(name='bbbAdmin')
bbbAdmin.register(Adresse, AdminModel) ### The user can see this in the admin dashboard only if he is superuser
Here is the urls.py of the same app:
from django.contrib import admin
from django.urls import include, path, re_path
from BBB.admin import bbbAdmin
urlpatterns = [
path('', bbbAdmin.urls),
]
I use a different AuthBackend to authenticate my users:
core/auth.py:
from django.conf import settings
from django.contrib.auth.hashers import check_password
from .models import User
class AuthBackend(object):
def has_perm(self, user_obj, perm, obj=None):
if(obj != None):
return (obj.account_id == user_obj.account_id)
return False
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
def authenticate(username=None, password=None, account_id=None):
try:
user = User.objects.get(username=username, account_id=account_id)
except User.DoesNotExist:
return None
pwd_valid = check_password(password, user.password)
if pwd_valid:
return user
else:
return None
I have registered the AuthBackend in my settings.py:
AUTHENTICATION_BACKENDS = ('core.auth.AuthBackend',)
I tried to change it to:
AUTHENTICATION_BACKENDS = ('core.auth.AuthBackend', 'django.contrib.auth.backends.ModelBackend',)
But it gives me the error
You have multiple authentication backends configured and therefore must provide the
backendargument or set thebackendattribute on the user.
I have tried to put the user in a group which had all the permissions, but it still displays "you don't have permission to edit anything" when he logins. The user has is_staff set to True
Upvotes: 3
Views: 2614
Answers (2)
Reputation: 116
For me, I created a custom admin site and made the mistake of initializing it in multiple places, to resolve this, initialize your admin site only once in a variable like so:
custom_admin_site = CustomAdminSite()
preferably in the same file, it was declared, Then import the variable holding that instance anywhere it needs to be used like in the urls.py for registering the custom_admin_site.urls and in for registering your models across apps.
Initializing it somewhere else is creating a whole new admin site and not the same one you initialized earlier, hence the no permission error.
Upvotes: 1
Reputation: 5187
I have found the solution. I forgot to add the method "has_module_permission" to my AdminModel
BBB/admin.py
class AdminModel(Admin.ModelAdmin):
[...]
def has_module_permission(self,request):
return True
[...]
Upvotes: 6
Related Questions
- "You don't have permission to view or edit anything." even if user has access to model
- django admin permissions - can edit user but can't edit his permissions - how to do it?
- Error creating superuser in Django
- You don’t have permission to view or edit anything - only super users is able to do everything
- django admin - You don't have permission to edit anything
- Can not create superuser in django python admin
- django admin not working with custom user
- issue involving django admin rights for non superuser accounts
- Non-superuser access to Django Admin
- Django admin site not accepting superuser