Wednesday, November 26, 2014

Re: ModelAdmin.has_change_permission gives 403

In order to make a model admin read only I suggest you make sure `get_readonly_fields()` return all of them.


from django.contrib.admin.utils import flatten_fieldsets

def get_readonly_fields(request, obj=None):
    # Put your business logic here to determine whether or not
    # the whole model should be read-only based on request.user
    # and obj.
    return flatten_fieldsets(self.get_fieldsets(request, obj))


Simon   

Le mardi 25 novembre 2014 22:20:33 UTC-5, Mike Dewhirst a écrit :
On 26/11/2014 11:59 AM, Mike Dewhirst wrote:
> From the docs ...
>
> https://docs.djangoproject.com/en/1.6/ref/contrib/admin/#django.contrib.admin.ModelAdmin.has_change_permission
>
> ... is working nicely except it just pops up a standard error page
> 403 Forbidden when it returns False.


Actually, I must have changed my code and refreshed an already rendered
form when I thought it was working. Just clicking on the wrong model in
the admin list pops up a 403 Forbidden page. It looks like
ModelAdmin.has_change_permission() must return True to render the change
form.

Maybe someone can tell me how to make a model read-only for certain
users based on their relationship with the model?

To elaborate somewhat, a company owns a substance displayed on a page in
the admin and any user should be able to see it but only users who are
members of the same company may change or delete it.

Thanks

>
> How can I intercept this in the Admin and treat it like an error
> displayed like all the other validation errors generated from the
> model.clean() method???
>
> I'd like to raise a business rule violation exception on saving the
> model.
>
> Thanks for any hints
>
> Mike
>

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/0bf1a033-95da-4745-8fe0-a96388b17568%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)