is it possible to give users the permission to view, but not to change or delete.
currently in the only permissions I see are "add", "change" and "delete"... but there is no "read/view" in there.
I really need this as some users will only be able to consult the admin panel, in order to see what has been added in.
Restrict access to unauthenticated users in Django Views. To simply restrict access to a view based on if the user is authenticated (logged in) or not does not require you to dive deep into the permission system at all, you can simply do it with Decorators, Mixins or the user is_authenticated property.
Django admin allows access to users marked as is_staff=True . To disable a user from being able to access the admin, you should set is_staff=False . This holds true even if the user is a superuser. is_superuser=True .
through django-adminopen your django-admin page and head to Users section and select your desired user . NOTE: Permission assigning process is a one-time thing, so you dont have to update it every time unless you need to change/re-assign the permissions.
Django Admin Panel : In Admin Panel you will see Group in bold letter, Click on that and make 3-different group named level0, level1, level3 . Also, define the custom permissions according to the need. By Programmatically creating a group with permissions: Open python shell using python manage.py shell.
Update: Since Django 2.1 this is now built-in.
In admin.py
# Main reusable Admin class for only viewing class ViewAdmin(admin.ModelAdmin): """ Custom made change_form template just for viewing purposes You need to copy this from /django/contrib/admin/templates/admin/change_form.html And then put that in your template folder that is specified in the settings.TEMPLATE_DIR """ change_form_template = 'view_form.html' # Remove the delete Admin Action for this Model actions = None def has_add_permission(self, request): return False def has_delete_permission(self, request, obj=None): return False def save_model(self, request, obj, form, change): #Return nothing to make sure user can't update any data pass # Example usage: class SomeAdmin(ViewAdmin): # put your admin stuff here # or use pass
In change_form.html replace this:
{{ adminform.form.non_field_errors }}
with this:
<table> {% for field in adminform.form %} <tr> <td>{{ field.label_tag }}:</td><td>{{ field.value }}</td> </tr> {% endfor %} </table>
Then remove the submit button by deleting this row:
{% submit_row %}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With