django admin - group permissions to edit or view models

Question

I'm searching for a way to customize the Django Administration to support permissions based on the user group.

For example, I've just created the Developers group, now I've also created the Tickets model, with AdminModel to specify how to list data.

I'd like to have this model visible only by Developers, and hidden to each other not in this group (eg filter the view based on groups). I've read a lot of documentations, but couldn't really find and understand what to do to have it working.

For security purposes I'd also need to check user groups at runtime when adding-deleting objects for a specific model (the one I've hidden to people outside the Developers group), otherwise it would only need to know the URL to use the model :s

It looks like a simple task, but maybe I'm missing something... any 3rd party middleware, or just a way to do it? I'm also ready to edit the administration views if needed, but I need to know what do to.

Thank you :-)

Answer 1

ModelAdmin has three methods dealing with user permission: has_add_permission, has_change_permission and has_delete_permission. All three should return boolean (True/False).

So you could do something like:

class TicketAdmin(admin.ModelAdmin):
    ...
    def has_add_permission(self, request):
        return request.user.groups.filter(name='Developers').exists()

    def has_change_permission(self, request, obj=None):
        return request.user.groups.filter(name='Developers').exists()

    def has_delete_permission(self, request, obj=None):
        return request.user.groups.filter(name='Developers').exists()

When False is returned from one of these, it's results in a 403 Forbidden.