Reputation: 1617
Right now all my Django staff users can edit or delete other staff users' posts. I want them to be able to edit or delete only their own posts from the Django admin panel. How can I restrict them from editing or deleting other users' posts? Here is my code:
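views.py:

    from django.contrib.auth.mixins import PermissionRequiredMixin
    from django.urls import reverse_lazy
    from django.views.generic import CreateView, DeleteView, UpdateView

    from .forms import BlogPost  # assumed location of the form class
    from .models import Post  # assumed location of the model


    class BlogPublishView(PermissionRequiredMixin, CreateView):
        raise_exception = True  # respond with 403 instead of redirecting to login
        permission_required = "blog.add_post"
        model = Post
        form_class = BlogPost
        template_name = "blog_post.html"
        # fields = ['title', 'author', 'body']


    class BlogUpdateView(PermissionRequiredMixin, UpdateView):
        raise_exception = True
        permission_required = "blog.change_post"
        model = Post
        template_name = "blog_update_post.html"
        form_class = BlogPost


    class BlogDeleteView(PermissionRequiredMixin, DeleteView):
        raise_exception = True
        permission_required = "blog.delete_post"
        model = Post
        template_name = "delete_blog_post.html"
        success_url = reverse_lazy('blog')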
urls.py:

    path('blog-post', BlogPublishView.as_view(), name='blog-post'),
    path('blog-update/<slug:slug>', BlogUpdateView.as_view(), name='blog-update'),
    path('blog-delete/<slug:slug>', BlogDeleteView.as_view(), name='blog-delete'),
html:

    {% if user.is_authenticated %}{% if user.id == post.author.id %}
        <a href="{% url 'blog-update' post.slug %}"><b>(Edit Blog)</b></a>
        <a href="{% url 'blog-delete' post.slug %}"><b>(Delete Blog)</b></a>
    {% endif %}{% endif %}
Let me explain a little more in case you still don't understand my problem. Assume I have three users in my Django admin panel: "A", "B" and "C". User "A" is admin and users "B" and "C" are staff users. Users "B" and "C" only have permission to edit, delete and publish posts from the admin panel. The problem is that user "A" can edit and delete user "B"'s posts, and user "B" can also edit or delete user "A"'s posts. I want to restrict both staff users from editing, deleting and viewing each other's posts from the Django admin panel. They should only be able to view, edit and delete their own posts from the Django admin panel.
Upvotes: 1
Views: 1514
Reputation: 1617
After a lot of research I found the solution. I solved the problem by using the "get_queryset" method in my Django admin model. Here is the code:

    def get_queryset(self, request):
        qs = super().get_queryset(request)
        # Superusers keep access to every post.
        if request.user.is_superuser:
            return qs
        # Everyone else only sees the posts they authored.
        return qs.filter(author=request.user)
You can read more details here. Before applying get_queryset, user "A" and user "B" could view, edit and delete each other's posts from the Django admin panel. See the picture where user "A" is logged in to the Django admin panel and can also edit the posts of user "B" and other members.
After applying the get_queryset method, I restricted user "A" from viewing, editing and deleting the posts of user "B". Now user "A" can only view, edit and delete his own posts. See the picture.
If you apply this get_queryset method in your admin model, then nobody except the admin can view, edit and delete other users' posts.
Upvotes: 3