Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Filter django admin by logged in user

Tags:

django

django-admin

I'm new to django. I'm creating simple app in which I have users enter some data and view it later. I need to make django admin show to the user only the data she enter and non of the other users data. Is it possible to change it to multiple admin pages?

Thank you

like image 449
Ido Ran Avatar asked Mar 05 '12 22:03

Ido Ran

2 Answers

  • Store a reference to a user in your model.

models.py:

from django.db import models
from django.contrib.auth.models import User

class MyModel(models.Model):
    user = models.ForeignKey(User)
    ... (your fields) ...
  • Force the current user to be stored in that field (when using admin)
  • Force any list of these objects to be (additionally) filtered by the current user (when using admin)
  • Prevent other users from editing (even though they can't see the object in the list they could access its change_form directly)

admin.py:

from django.contrib import admin
from models import MyModel

class FilterUserAdmin(admin.ModelAdmin): 
    def save_model(self, request, obj, form, change):
        obj.user = request.user
        obj.save()

    def get_queryset(self, request): 
        # For Django < 1.6, override queryset instead of get_queryset
        qs = super(FilterUserAdmin, self).get_queryset(request) 
        return qs.filter(created_by=request.user)

    def has_change_permission(self, request, obj=None):
        if not obj:
            # the changelist itself
            return True
        return obj.user === request.user

class MyModelAdmin(FilterUserAdmin):
    pass   # (replace this with anything else you need)
admin.site.register(MyModel, MyModelAdmin)

If you have MyOtherModel with a foreign key "user" just subclass MyOtherModelAdmin from FilterUserAdmin in the same manner.

If you want certain superusers to be able to see anything, adjust queryset() and has_change_permission() accordingly with your own requirements (e.g. don't filter/forbid editing if request.user.username=='me'). In that case you should also adjust save_model() so that your editing doesn't set the user and thus "take away" the object from the previous user (e.g. only set user if self.user is None (a new instance)).

like image 194
Danny W. Adair Avatar answered Oct 21 '22 04:10

Danny W. Adair

You'll have to save in the user to every item and query each item with that user as search criteria. You'll probably build a base model which all your other models will inherit from. To get you started take a look at row-level permissions in the admin.

like image 30
darren Avatar answered Oct 21 '22 05:10

darren
Sign in to Comment

Related questions

Django: HttpResponseRedirect is not defined
Filter in range of two date fields
How to stop logging Recent actions and History in Django 2.* admin panel?
How to add a page view count for django detail view?
Docker Compose, Django: role "_" does not exist
How to connect Django ORM to mongo atlas?
Difference between usage of Django celery and Django cron-jobs?
Django GraphQL JWT: tokenAuth mutation returns "str object has no attribute decode"
<class> has no foreign key to <class> in Django when trying to inline models
How to organize a database in Django with multiple, distinct apps?
Will Python use all processors in thread mode?
How to do I integrate a 304 in Django?
How can I override the django AuthenticationForm input css class?
How to open a generated PDF file in browser?
ElementTree instance has no attribute 'fromstring'. So, what I did wrong?
Django - User admin - adding groups to list_display
Ajax CSRF problem in Django 1.3
django : Model filter on date ranges
Reducing db queries in django
how to create year/month/day structure when uploading files with django

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!