
Django admin - giving users access to specific objects/fields?

I need to make an "owners" login for the admin. Say we have this model structure:

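from django.contrib.auth.models import User
from django.db import models


class Product(models.Model):
    # Users allowed to manage this product
    owner = models.ManyToManyField(User)
    name = models.CharField(max_length=255)
    description = models.CharField(max_length=255)
    # 'Photo' is referenced by name because the class is defined further down
    photos = models.ManyToManyField('Photo', through='ProductPhoto')


class Photo(models.Model):
    order = models.IntegerField()
    image = models.ImageField(upload_to='photos')
    alt = models.CharField(max_length=255)


class ProductPhoto(models.Model):
    # Explicit through model linking a Product to its Photos
    photo = models.ForeignKey(Photo, on_delete=models.CASCADE)
    product = models.ForeignKey(Product, on_delete=models.CASCADE)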

We have a group called Owners that some users are part of. The ProductPhoto is a TabularInline on the Product admin page.

Now, owners need permission to edit

  1. (primary goal) only products where product__in=user.products (so basically, only products owned by them).

  2. (secondary goal) only the description and photos of products

How would I do this with Django's admin/permission system?

antihero asked Oct 07 '22 11:10


1 Answer

This is row (or object) level permission. Django provides basic support for object permissions but it is up to you to implement the code.

Luckily, there are a few apps that provide a drop-in object-level permission framework. django-guardian is one that I have used before. This page on djangopackages.com provides some more that you can try out.

Burhan Khalid answered Oct 13 '22 11:10
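One way to meet both goals from the question with ModelAdmin hooks alone, as an added example that is not part of the original answer and is not django-guardian's code. The names OwnerScopedAdminMixin and OWNER_LOCKED are hypothetical, and the locked field list assumes owners may see but not change owner and name on the question's Product model.

```python
# Added example. Combine with Django's ModelAdmin, for instance:
#   class ProductAdmin(OwnerScopedAdminMixin, admin.ModelAdmin):
#       inlines = [ProductPhotoInline]
# Assumption: every Product field outside description/photos is locked for owners.
OWNER_LOCKED = ("owner", "name")


class OwnerScopedAdminMixin:
    """Restrict non-superusers to Products they own and to the editable fields."""

    def get_queryset(self, request):
        qs = super().get_queryset(request)
        if request.user.is_superuser:
            return qs
        # Primary goal: the changelist and the change view both look objects up
        # through this queryset, so a pk the user does not own is not found.
        return qs.filter(owner=request.user)

    def has_change_permission(self, request, obj=None):
        # The model-level permission granted to the Owners group still applies.
        if not super().has_change_permission(request, obj):
            return False
        if obj is None or request.user.is_superuser:
            return True
        # Object-level check, kept even though get_queryset already filters,
        # so a later change to the queryset cannot silently widen access.
        return obj.owner.filter(pk=request.user.pk).exists()

    def get_readonly_fields(self, request, obj=None):
        base = tuple(super().get_readonly_fields(request, obj))
        if request.user.is_superuser:
            return base
        # Secondary goal: read-only fields are left out of the form, so values
        # posted for them are ignored rather than merely hidden in the UI.
        return base + tuple(f for f in OWNER_LOCKED if f not in base)
```
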