On 19/10/2015 5:03 AM, Ankit Agrawal wrote:
I have an active Django project where the admin panel is used by the
customer support team. I have two questions -
1. Django lacks a `view` permission because of which I have to assign
the change permission to the customer support team which is slightly
dangerous. I have some models for which the customer support team needs
just the view access and not the change access because of security
issues. Any workaround to this?
Yes. You need to make the sensitive fields - or all fields - readonly in
the admin depending on some property of the user. In my case "open data"
is read-only for all users except for members of the company which owns
the data ie., the user (or user_profile) with full access has a foreign
key to the company concerned. But the result of any callable will do.
def open_data(self, request, obj=None):
"""Return the regular readonly fields or all fields as readonly if
the user is not a member of the company which owns the substance.
https://docs.djangoproject.com/en/1.7/ref/contrib/admin/#django.contrib.admin.ModelAdmin.get_readonly_fields
self is the admin.StackedInline instance
obj is the admin.ModelAdmin instance
"""
if not obj:
# some fields are readonly under all circumstances
return self.readonly_fields
else:
if obj.company == get_user_company(request.user):
return self.readonly_fields
else:
return self.model._meta.get_all_field_names()
So in admin.py ...
1. Nominate the permanently readonly fields as per the Admin docs
2. After readonly_fields make get_readonly_fields = open_data
2. Although the admin panel can be used as a CRM, are there any popular
CRM django apps than can be used instead of the admin panel?
--
You received this message because you are subscribed to the Google
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to django-users+unsubscr...@googlegroups.com
<mailto:django-users+unsubscr...@googlegroups.com>.
To post to this group, send email to django-users@googlegroups.com
<mailto:django-users@googlegroups.com>.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/6ac40e1a-d3e7-492f-9589-388ee95978db%40googlegroups.com
<https://groups.google.com/d/msgid/django-users/6ac40e1a-d3e7-492f-9589-388ee95978db%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/562436F8.7020500%40dewhirst.com.au.
For more options, visit https://groups.google.com/d/optout.
