I suppose similar problem would have been discussed here, but I couldn't find it.
Let's suppose I have an Editor and a Supervisor. I want the Editor to be able to add new content (eg. a news post) but before publication it has to be acknowledged by Supervisor.
When Editor lists all items, I want to set some fields on the models (like an 'ack' field) as read-only (so he could know what had been ack'ed and what's still waiting approval) but the Supervisor should be able to change everything (list_editable would be perfect)
What are the possible solutions to this problem?
Django admin allows access to users marked as is_staff=True . To disable a user from being able to access the admin, you should set is_staff=False . This holds true even if the user is a superuser. is_superuser=True .
Just define a custom form, with your required field overridden to set required=True, and use it in your admin class.
I think there is a more easy way to do that:
Guest we have the same problem of Blog-Post
blog/models.py:
Class Blog(models.Model): ... #fields like autor, title, stuff.. ... class Post(models.Model): ... #fields like blog, title, stuff.. ... approved = models.BooleanField(default=False) approved_by = models.ForeignKey(User) class Meta: permissions = ( ("can_approve_post", "Can approve post"), )
And the magic is in the admin:
blog/admin.py:
... from django.views.decorators.csrf import csrf_protect ... def has_approval_permission(request, obj=None): if request.user.has_perm('blog.can_approve_post'): return True return False Class PostAdmin(admin.ModelAdmin): @csrf_protect def changelist_view(self, request, extra_context=None): if not has_approval_permission(request): self.list_display = [...] # list of fields to show if user can't approve the post self.editable = [...] else: self.list_display = [...] # list of fields to show if user can approve the post return super(PostAdmin, self).changelist_view(request, extra_context) def get_form(self, request, obj=None, **kwargs): if not has_approval_permission(request, obj): self.fields = [...] # same thing else: self.fields = ['approved'] return super(PostAdmin, self).get_form(request, obj, **kwargs)
In this way you can use the api of custom permission in django, and you can override the methods for save the model or get the queryset if you have to. In the methid has_approval_permission
you can define the logic of when the user can or can't to do something.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With