This fixed that issue:
https://stackoverflow.com/questions/73816296/password-field-is-visible-and-not-encrypted-in-django-admin-site
Hope it helps somebody else!
On Thursday, September 10, 2015 at 1:20:44 PM UTC+5:30 Xavier Palacín Ayuso wrote:
Finally overrite a UserAdmin ModelAdmin:
from django.contrib.auth.models import User
from django.utils.translation import ugettext, ugettext_lazy as _
from django.core.exceptions import PermissionDenied
class UserAdmin(admin.ModelAdmin):
actions = ['delete_model']
def get_fieldsets(self, request, obj=None):
if not obj:
return self.add_fieldsets
if request.user.is_superuser:
perm_fields = ('is_active', 'is_staff', 'is_superuser',
'groups', 'user_permissions')
else:
# modify these to suit the fields you want your
# staff user to be able to edit
perm_fields = ('is_active', 'is_staff', 'groups')
return [(None, {'fields': ('username', 'password')}),
(_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
(_('Permissions'), {'fields': perm_fields}),
(_('Important dates'), {'fields': ('last_login', 'date_joined')})]
# Prevent super user edition for no super users
def save_model(self, request, obj, form, change):
print 'save_model'
if not change:
# New user
obj.save()
else:
# Update user
if obj.is_superuser:
if request.user.is_superuser:
obj.save()
else:
raise PermissionDenied
else:
obj.save()
def get_actions(self, request):
actions = super(UserAdmin, self).get_actions(request)
del actions['delete_selected']
return actions
# Prevent super user deletion for no super users
def delete_model(modeladmin, request, queryset):
for obj in queryset:
if obj.is_superuser:
if request.user.is_superuser:
# obj.delete()
else:
raise PermissionDenied
else:
# obj.delete()
delete_model.short_description = 'Eliminar usuario/s seleccionados'
El miércoles, 9 de septiembre de 2015, 12:00:18 (UTC+2), Xavier Palacín Ayuso escribió:I want to collects current user in model signal pre_save, to prevent remove super user permission to current super users.As I have now so I can not give administrative privileges to a normal user.
from django.dispatch.dispatcher import receiver
from django.contrib.auth.models import User
from django.core.exceptions import PermissionDenied
@receiver(pre_save, sender=User)
def save_user(sender, instance, **kwargs):
if instance._state.adding is True:
# we would need to create the object
print "Creating an object"
else:
#we are updating the object
if instance.is_superuser:
raise PermissionDenied
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/19cee1e0-109e-4500-9764-f04d6b69fc7bn%40googlegroups.com.
No comments:
Post a Comment