On Wed, 2010-01-13 at 10:20 +1100, Justin Steward wrote: > I had a similar requirement for a current project. Users in the admin > needed to be able to see ONLY the objects that they had created. > > My solution was: > 1) http://code.djangoproject.com/wiki/CookBookThreadlocalsAndUser > 2) Add foreign key to model to track which user created the object. > 3) Use the ThreadLocals trick with a custom save() to set the user > (Objects created via command line get assigned the first superuser in > the DB) > 4) A smart manager that is now aware of the current logged in user > thanks to the ThreadLocals middleware and can use that to limit > requests. (displaying all if superuser, or if run using python > manage.py shell) > > I'm sure this approach could be expanded to use namespaces/groups > instead of user on the model's foreign key. To my mind at least, it's > a little easier to follow what's going on than overriding various > methods in admin.py
It seems that you're doing it "wrong". As standard django admin is meant for quick way to allow look and modification access to all trusted users - admins/staff. It's never was intended to be used for an end user activity management, which leads to utterly complex solutions trying to overcome this problem. It probably could be simpler to create custom admin site for this purpose than trying to get around limitations of standard admin site. -- Jani Tiainen
-- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
