On Sep 11, 11:51 am, Simon Willison <[EMAIL PROTECTED]> wrote: > On Sep 11, 5:23 pm, Glimps <[EMAIL PROTECTED]> wrote: > > > I would like torestrictusersto thedatathey can see/modify/ > > delete on a table. I have a Reservation table that holds reservations > > for multiple banners of Restaurant chain. I don't want the user from > > franchiseX to be able to see/confirm reservations from franchiseY. > > > Since all the add/edit/delete is made with the admin interface (Django > > 1.0) I went and search for something I could override in the > > ModelAdmin class. No success. > > Take another look at ModelAdmin - the methods you want to over-ride > are queryset(request) which returns the QuerySet used to create the > "change list" view and has_add_permission(request), > has_change_permission(request, obj) and has_delete_permission(request, > obj). > > You can over-ride those methods on your ModelAdmin subclass to > implement your permissions logic. Your code will end up looking > something like this: > > class ReservationAdmin(admin.ModelAdmin): > def queryset(self, request): > return super(ReservationAdmin, self).filter(user = > request.user) > > def has_change_permission(self, request, obj=None): > if not obj: > return False > return obj.user == request.user > > def has_delete_permission(self, ...) > # similar > > Cheers, > > Simon
Thank you for pointing this out, very handy. Can this be taken 1 step further in a add_view or change_view? Say I have a PhotoAlbum model that a User is associated to via a ForeignKey. I also have a Photo model that has a ForeignKey to the PhotoAlbum. In the add_view or change_view, is there a way to only show in the drop down the PhotoAlbums that belong to the request.user and not show the full list? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
