CODEWITHSUNDEEP
djangodjango-permissionsdjango-grappellidjango-filebrowser
Filip Kołakowski
Filip Kołakowski

Reputation: 13

How to limit access to grappelli filebrowser using django auth permissions?

I need to restrict user access to filebrowser using permissions. For example, only users with permission "can_upload_files" should be able to see Filebrowser in my custom dashboard.

Is this possible?

Thanks!

Upvotes: 1

Views: 1049

Answers (2)

schettino72
schettino72

Reputation: 3170

This can be done by a middleware. Something like:

from django.http import HttpResponseForbidden

class MediaLibraryAccess(object):
    def process_request(self, request):
        if not request.path.startswith('/admin/media-library'):
            return None
        if request.user and request.user.is_superuser:
            return None
        return HttpResponseForbidden('Access Forbidden')

Do not forget to activate the middleware in your settings.py

MIDDLEWARE_CLASSES = (
       ...
       "myapp.middleware.MediaLibraryAccess",
)

In this example I am checking for superuser but you could easily check for a specific permission...

Upvotes: 0

postrational
postrational

Reputation: 6356

If the thing you want to accomplish is to simply hide the "Media Management" group from your dashboard, you can use the following conditional in your dashboard.py code:

if context.get('user').has_perm('accounts.can_upload_files'):
    self.children.append(modules.LinkList(
        _('Media Management'),
        column=2,
        children=[
            {
                'title': _('FileBrowser'),
                'url': '/admin/filebrowser/browse/',
                'external': False,
            },
        ]
    ))

Note that this will not actually limit access to the FileBrowser, simply hide the link.

Upvotes: 4

Related Questions