Question :
is it possible to give users the permission to view, but not to change or delete.
currently in the only permissions I see are “add”, “change” and “delete”… but there is no “read/view” in there.
I really need this as some users will only be able to consult the admin panel, in order to see what has been added in.
Answer #1:
Update: Since Django 2.1 this is now built-in.
In admin.py
# Main reusable Admin class for only viewing
class ViewAdmin(admin.ModelAdmin):
"""
Custom made change_form template just for viewing purposes
You need to copy this from /django/contrib/admin/templates/admin/change_form.html
And then put that in your template folder that is specified in the
settings.TEMPLATE_DIR
"""
change_form_template = 'view_form.html'
# Remove the delete Admin Action for this Model
actions = None
def has_add_permission(self, request):
return False
def has_delete_permission(self, request, obj=None):
return False
def save_model(self, request, obj, form, change):
#Return nothing to make sure user can't update any data
pass
# Example usage:
class SomeAdmin(ViewAdmin):
# put your admin stuff here
# or use pass
In change_form.html replace this:
{{ adminform.form.non_field_errors }}
with this:
<table>
{% for field in adminform.form %}
<tr>
<td>{{ field.label_tag }}:</td><td>{{ field.value }}</td>
</tr>
{% endfor %}
</table>
Then remove the submit button by deleting this row:
{% submit_row %}
Answer #2:
You can use the django-admin-view-permission application:
pip install django-admin-view-permission
INSTALLED_APPS = [
'admin_view_permission',
'django.contrib.admin',
...
]
UPDATE:
Django 2.1 has a view permission out of the box.
Answer #4:
One workaround would be to have an additional “save” permission on your model and check in the modeladmin’s save_model method if the user has this permissions, if he has not, that would mean he can do everything in this modeladmin, except saving edited data!
Answer #5:
To provide sample to Bernhard Vallant mention above. In my admin.py file I would place
class LogBookAdmin(admin.ModelAdmin):
list_display = ['dateEntry','due_date', 'controlNo', 'carrier', 'status']
exclude = ['encoder_status', 'engr_status', 'chief_status', 'ischecked']
def save_model(self, request, obj, form, change):
if request.user.groups.filter(name='Encoder').exists():
pass
else:
return super(LogBookAdmin, self).save_model(request, obj, form, change)
Assuming I have a group name Encoder where I would like them to view Logbook only. But other group name can save any changes.
Answer #6:
You can do this by following way:
1)You can make the fields read only if the object has been created.But doing this noone will be able to change the fields
2)You can use databrowse
3)You can use form validation ,if user is not in the selected list throw validation error if any field is changed
4)you can create a view ,if user is in your list then redirect it to normal flow or else redirect him to simple html readonly page
5)Use jquery to make the fields readonly is user is not in the list and override the save method to check any smartness.In your save method you throw error any form has changed and user is not in your list.username=request.user.username
Answer #7:
In django 2.1, you just need to override has_change_permission and has_delete_permission :
@admin.register(MyModel)
class MyModelAdmin(admin.ModelAdmin):
def has_change_permission(self, request, obj=None):
return False
def has_delete_permission(self, request, obj=None):
return False
# to disable view and add you can do this
def has_view_permission(self, request, obj=None):
return False
def has_add_permission(self, request):
return False
Answer #8:
You may also override ModelAdmin.change_view (as stated in the Django docs). Just make sure you also override save_model to make sure the user can’t update the data
