Permission to view, but not to change! – Django

Posted on

Question :

Permission to view, but not to change! – Django

is it possible to give users the permission to view, but not to change or delete.

currently in the only permissions I see are “add”, “change” and “delete”… but there is no “read/view” in there.

I really need this as some users will only be able to consult the admin panel, in order to see what has been added in.

Answer #1:

Update: Since Django 2.1 this is now built-in.


# Main reusable Admin class for only viewing
class ViewAdmin(admin.ModelAdmin):

    Custom made change_form template just for viewing purposes
    You need to copy this from /django/contrib/admin/templates/admin/change_form.html
    And then put that in your template folder that is specified in the 
    change_form_template = 'view_form.html'

    # Remove the delete Admin Action for this Model
    actions = None

    def has_add_permission(self, request):
        return False

    def has_delete_permission(self, request, obj=None):
        return False

    def save_model(self, request, obj, form, change):
        #Return nothing to make sure user can't update any data

# Example usage:
class SomeAdmin(ViewAdmin):
    # put your admin stuff here
    # or use pass

In change_form.html replace this:

{{ adminform.form.non_field_errors }}

with this:

{% for field in adminform.form %}
      <td>{{ field.label_tag }}:</td><td>{{ field.value }}</td>
{% endfor %}

Then remove the submit button by deleting this row:

{% submit_row %}
Answered By: dan-klasson

Answer #2:

You can use the django-admin-view-permission application:

pip install django-admin-view-permission



Django 2.1 has a view permission out of the box.

Answered By: Anton Shurashov

Answer #3:

You can’t just view things in django admin.

There is a databrowse app for that.

Answered By: Valentin Golev

Answer #4:

One workaround would be to have an additional “save” permission on your model and check in the modeladmin’s save_model method if the user has this permissions, if he has not, that would mean he can do everything in this modeladmin, except saving edited data!

Answered By: Bernhard Vallant

Answer #5:

To provide sample to Bernhard Vallant mention above. In my file I would place

class LogBookAdmin(admin.ModelAdmin):
    list_display        = ['dateEntry','due_date', 'controlNo', 'carrier', 'status']    
    exclude             = ['encoder_status', 'engr_status', 'chief_status', 'ischecked']

    def save_model(self, request, obj, form, change):     
        if request.user.groups.filter(name='Encoder').exists():
            return super(LogBookAdmin, self).save_model(request, obj, form, change)

Assuming I have a group name Encoder where I would like them to view Logbook only. But other group name can save any changes.

Answered By: Charlesliam

Answer #6:

You can do this by following way:

1)You can make the fields read only if the object has been created.But doing this noone will be able to change the fields

2)You can use databrowse

3)You can use form validation ,if user is not in the selected list throw validation error if any field is changed

4)you can create a view ,if user is in your list then redirect it to normal flow or else redirect him to simple html readonly page

5)Use jquery to make the fields readonly is user is not in the list and override the save method to check any smartness.In your save method you throw error any form has changed and user is not in your list.username=request.user.username

Answered By: ha22109

Answer #7:

In django 2.1, you just need to override has_change_permission and has_delete_permission :

class MyModelAdmin(admin.ModelAdmin):

    def has_change_permission(self, request, obj=None):
        return False

    def has_delete_permission(self, request, obj=None):
        return False

    # to disable view and add you can do this 
    def has_view_permission(self, request, obj=None):
        return False

    def has_add_permission(self, request):
        return False

Answered By: Charlesthk

Answer #8:

You may also override ModelAdmin.change_view (as stated in the Django docs). Just make sure you also override save_model to make sure the user can’t update the data

Answered By: Asdf

Leave a Reply

Your email address will not be published. Required fields are marked *