Sunday, March 29, 2015

Re: How to prevent save/delete in the Admin

On 29/03/2015 7:28 PM, Julo wrote:
> Maybe you can add an interface for the models that are important and hook to the save/delete signal an interfaced function called CanSave()
> And you check the permission he has, if not allowed raise an exception, and don't save.

Julo

I like that. I'll dig a bit deeper. It would be best to do it in the
model but I'm not sure how I can get request.user from there.

Thank you

Mike

> Sorry for the bad English.
> Regards,
> Julian
> -----Original Message-----
> From: Mike Dewhirst <miked@dewhirst.com.au>
> Sender: django-users@googlegroups.com
> Date: Sun, 29 Mar 2015 19:07:17
> To: <django-users@googlegroups.com>
> Reply-To: django-users@googlegroups.com
> Subject: How to prevent save/delete in the Admin
>
> At the moment "has_change_permission" in the Admin works by returning
> 403 Forbidden if it gets a False.
>
> That doesn't suit my needs but it is probably not advisable to adjust it.
>
> Users without change permission need to be able to see the data and
> perhaps raise an exception (in this case BusinessRuleViolation
> subclassed from ValidationError) if they try to save. In other words,
> maybe use the existing form clean() mechanism.
>
> However, I recognise that this subverts the Admin by preventing [Save]
> and therefore may not be appropriate.
>
> A perhaps better solution would be to disable the Save and Delete
> widgets/actions in particular circumstances.
>
> How can I do something like this?
>
> TL;DR
>
> All the business rule decision logic is calculated using the object
> instance and request.user.
>
> The application displays a substance record with a few 1:1, 1:n, n:1 and
> n:m related records. The substance has a status field which can be made
> "public domain".
>
> The business rule is that a user can see and edit all their own
> substances but can see nothing owned by anyone else - unless they have
> been put in the public domain (and which then must be readonly to the
> "public")
>
> Thanks for any ideas
>
> Mike
>
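
An added example, not part of the thread: one way to express the business rule from the original question through the permission hooks of a `ModelAdmin`, which all receive `request` and so can reach `request.user` without going through the model. It assumes Django 2.1 or later (where `has_view_permission` exists), a model with an `owner` foreign key and a `status` field whose public-domain value is `"public"`; those names, `SubstanceAdmin` and the stub objects in `demo()` are hypothetical.

```python
from types import SimpleNamespace

PUBLIC = "public"  # assumed value of the status field for "public domain"

def can_view(user, obj):
    """Owners see their own records; anyone sees public-domain ones."""
    return obj.owner_id == user.pk or obj.status == PUBLIC

def can_edit(user, obj):
    """Only the owner may change or delete, whatever the status."""
    return obj.owner_id == user.pk

class OwnerOrPublicReadOnlyMixin:
    """Use as: class SubstanceAdmin(OwnerOrPublicReadOnlyMixin, admin.ModelAdmin)."""
    def get_queryset(self, request):
        from django.db.models import Q  # lazy import: the rules above need no Django
        qs = super().get_queryset(request)  # hide other users' private rows from lists
        return qs.filter(Q(owner=request.user) | Q(status=PUBLIC))

    def _allowed(self, model_level, rule, request, obj):
        # obj is None for model-wide checks such as the changelist.
        return model_level and (obj is None or rule(request.user, obj))

    def has_view_permission(self, request, obj=None):
        return self._allowed(super().has_view_permission(request, obj),
                             can_view, request, obj)

    def has_change_permission(self, request, obj=None):
        # False while view is True: the admin renders the form read-only.
        return self._allowed(super().has_change_permission(request, obj),
                             can_edit, request, obj)

    def has_delete_permission(self, request, obj=None):
        return self._allowed(super().has_delete_permission(request, obj),
                             can_edit, request, obj)

def demo():
    """Constructed stand-ins for ModelAdmin, the request and three records."""
    class Stub:  # plays ModelAdmin with every model-level permission granted
        def has_view_permission(self, request, obj=None): return True
        has_change_permission = has_delete_permission = has_view_permission
    site = type("DemoAdmin", (OwnerOrPublicReadOnlyMixin, Stub), {})()
    req = SimpleNamespace(user=SimpleNamespace(pk=2))
    rows = {"own": SimpleNamespace(owner_id=2, status="draft"),
            "public": SimpleNamespace(owner_id=1, status=PUBLIC),
            "private": SimpleNamespace(owner_id=1, status="draft")}
    return {name: (site.has_view_permission(req, o),
                   site.has_change_permission(req, o),
                   site.has_delete_permission(req, o)) for name, o in rows.items()}
```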
