Sunday, March 29, 2015

Re: How to prevent save/delete in the Admin

On Sunday, March 29, 2015 at 5:08:06 AM UTC-3, Mike Dewhirst wrote:
A perhaps better solution would be to disable the Save and Delete
widgets/actions in particular circumstances.

How can I do something like this?


The quick&dirty way I did this was:

In settings.py create a tuple indicating read-only users: 

ADMIN_READONLY_USERS = (5826, 6074, )


In the custom UserProfile model I added: 

@property
def is_admin_readonly(self):
    return self.id in settings.ADMIN_READONLY_USERS


And then override the /admin/change_form.html template file and change the submit_buttons_bottom block:

{% block submit_buttons_bottom %}
    {% if request.user.is_admin_readonly is False %}
        {% submit_row %}
    {% endif %}
{% endblock %}
 
As you said in your last post, you should also include some check in the view to prevent malicious users from POSTing the form in other ways, like using Firebug.

Ezequiel.
http://flickrock.com/mikelpierre
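
One way to do the server-side check the reply asks for, as an added example that is not part of the original post: a mixin that makes the admin permission hooks refuse any non-safe request from the read-only users. The names ReadOnlyUsersAdminMixin, StubModelAdmin, ArticleAdmin and fake_request are hypothetical; the stub stands in for django.contrib.admin.ModelAdmin so the block runs without Django installed.

```python
from types import SimpleNamespace

# Same IDs as the post's settings.ADMIN_READONLY_USERS; a real project would
# read them from django.conf.settings instead of this module constant.
ADMIN_READONLY_USERS = (5826, 6074)
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


class ReadOnlyUsersAdminMixin:
    """Refuse add/change/delete to read-only users on non-safe requests.

    ModelAdmin consults these permission hooks in its add, change and delete
    views, so a hand-crafted POST is refused even when the buttons are hidden.
    """

    def _blocked(self, request):
        return (request.user.id in ADMIN_READONLY_USERS
                and request.method not in SAFE_METHODS)

    def has_add_permission(self, request):
        return not self._blocked(request) and super().has_add_permission(request)

    def has_change_permission(self, request, obj=None):
        return (not self._blocked(request)
                and super().has_change_permission(request, obj))

    def has_delete_permission(self, request, obj=None):
        return (not self._blocked(request)
                and super().has_delete_permission(request, obj))


class StubModelAdmin:
    """Constructed stand-in for django.contrib.admin.ModelAdmin (allows all)."""

    def has_add_permission(self, request):
        return True

    def has_change_permission(self, request, obj=None):
        return True

    def has_delete_permission(self, request, obj=None):
        return True


class ArticleAdmin(ReadOnlyUsersAdminMixin, StubModelAdmin):
    """Hypothetical admin class; in Django the second base is admin.ModelAdmin."""


def fake_request(user_id, method):
    """Constructed request object carrying only the attributes the mixin reads."""
    return SimpleNamespace(user=SimpleNamespace(id=user_id), method=method)
```

Because the mixin comes first in the base-class list, its checks run before ModelAdmin's own permission logic, and users outside the tuple fall through to the normal Django permissions.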
