Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to make Django admin site accessed by non-staff user?

Tags:

python

django

django-authentication

django-admin

I would like to implement a 2nd admin site which provides a subset of feature of the primary admin site. That's possible and described in the Django docs

However, I would like to limit access on the primary admin site. Some users can access the 2ndary site but not the primary site.

In order to implement that feature, I would like these users not to be in the staff (is_staff=False) and rewrite the AdminSite.has_permission

class SecondaryAdminSite(AdminSite):
    
    def has_permission(self, request):
        if request.user.is_anonymous:
            try:
                username = request.POST['username']
                password = request.POST['password']
            except KeyError:
                return False
            try:
                user = User.objects.get(username = username)
                if user.check_password(password):
                    return user.has_perm('app.change_onlythistable')
                else:
                    return False
            except User.DoesNotExist:
                return False
        else:
            return request.user.has_perm('app.change_onlythistable')

Unfortunately, this approach doesn't work. The user can login but can't see anything in the secondary admin site.

What's wrong with this approach? Any idea how to implement this feature?

Thanks in advance

like image 543
luc Avatar asked Oct 26 '10 09:10

luc

People also ask

How do I restrict access to admin pages in Django?

Django admin allows access to users marked as is_staff=True . To disable a user from being able to access the admin, you should set is_staff=False . This holds true even if the user is a superuser. is_superuser=True .

Which types of users are allowed to login to the Django Administration site?

Only one class of user exists in Django's authentication framework, i.e., 'superusers' or admin 'staff' users are just user objects with special attributes set, not different classes of user objects. The primary attributes of the default user are: username. password.

How do I get user permissions in Django?

Add Permissions to a Group If you are using AbstractUser in Django, you must add AUTH_USER_MODEL = 'YourAppName. YourClassName' . This way, you are telling Django to use our custom user model instead of the default one. The code below should go in your admin.py file so that you can see your user model.

1 Answers

Here's what worked for me with Django >= 3.2.

  • Create a subclass of AdminSite
  • Override the has_permission() method to remove the is_staff check.
  • Override the login_form to use AuthenticationForm.
    • AdminSite uses AdminAuthenticationForm, which extends AuthenticationForm and adds a check for is_staff.

Code

# PROJECT/APP/admin.py

from django.contrib.admin import AdminSite
from django.contrib.admin.forms import AuthenticationForm


class MyAdminSite(AdminSite):
    """
    App-specific admin site implementation
    """

    login_form = AuthenticationForm

    site_header = 'Todomon'

    def has_permission(self, request):
        """
        Checks if the current user has access.
        """
        return request.user.is_active


site = MyAdminSite(name='myadmin')
like image 194
Jigarius Avatar answered Sep 28 '22 17:09

Jigarius
Sign in to Comment

Related questions

Manually stop processes launched by mod_wsgi, and monitor how many processes are running
Google Cloud App Engine: 502 Bad Gateway (nginx) error with Flask App
I²C bytes received out of order using Raspberry Pi Python SMBus
How to use Firebase with a linux based client app for bidirectional messages communication with server
How and when does Python determine the data type of a variable?
Use latest Python version on Google Colab
Problem with missing and unexpected keys while loading my model in Pytorch
Seaborn's No numeric types to aggregate error
Inserting list into a cell - why does loc ACTUALLY work here?
Where do I catch the KeyboardInterrupt exception in this async setup
How to make custom loss with extra input in tensorflow 2.0
Why does using `or` within an except clause not cause a SyntaxError? Is there a valid use for it?
Finding specific characters within a list
ModuleNotFoundError: No module named 'django.utils.six' [duplicate]
Factory methods vs inject framework in Python - what is cleaner?
Tensorflow cannot get `image.shape` from method in `dataset.map( mapFn )`
Python Poetry: how to specify platform-specific dependency alternatives?
How to pass video stream from one Python to another?
Correctly compute the divergence of a vector field in Python
Inspiration and influence of the else clause of loop statements?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!