Django admin - change permissions list

Question

Is there any possibility to change permissions list in user edit page? I don't wan't to show all of permissions for example admin log entry or auth group etc. How can I modify a main queryset to exclude some of it?

Answer 1

I got the idea from this topic, which also answer your question, but it's not that clear.

You have to overwrite the queryset of user permissions in the UserAdmin form used for visualization.

To do this, the easiest way is to create a subclass of UserAdmin and overwrite the get_form method:

from django.contrib.auth.models import User
from django.contrib.auth.admin import UserAdmin

class MyUserAdmin(UserAdmin):
    def get_form(self, request, obj=None, **kwargs):
        # Get form from original UserAdmin.
        form = super(MyUserAdmin, self).get_form(request, obj, **kwargs)
        if 'user_permissions' in form.base_fields:
            permissions = form.base_fields['user_permissions']
            permissions.queryset = permissions.queryset.filter(content_type__name='log entry')
        return form

You can change the filter of your queryset for whatever you want: Examples:

# Exclude admin and auth.    
permissions.queryset = permissions.queryset.exclude(content_type__app_label__in=['admin', 'auth'])

# Only view permissions of desired models (Can be your models or Django's)
permissions.queryset = permissions.queryset.filter(content_type__model__in=['blog', 'post', 'user', 'group'])

After you create your class, you have to register your User model with your newly created Admin:

admin.site.unregister(User)  # You must unregister first
admin.site.register(User, MyUserAdmin)

Edit: I added comment from Maik Hoepfel, because this code made django crashed when creating new user.

---

You can do the same with the permission list in your Group edit page, but you have to create another Admin that extends from GroupAdmin, and change form.base_fields['user_permissions'] with form.base_fields['permissions']

Answer 2

Renato's answer is almost perfect. The Django Admin makes adding a user a two-step process with the same form, and his code fails with a KeyError for 'user_permissions' in the first step.

The fix is easy enough, just use the code below instead:

def get_form(self, request, obj=None, **kwargs):
    form = super(MyUserAdmin, self).get_form(request, obj, **kwargs)
    # adding a User via the Admin doesn't include the permissions at first
    if 'user_permissions' in form.base_fields:
        permissions = form.base_fields['user_permissions']
        permissions.queryset = permissions.queryset.filter(content_type__name='log entry')
    return form