permissions - Using django admin, how can I make sure users can only access objects they own? -


i'm trying build selfservice website using django admin. user shall able edit own data. can make sure can retrieve own records way:

# admin.py class personaldataadmin(admin.modeladmin): model = personaldata exclude = ('data_confirmed',) list_display = ('first_name', 'last_name', 'email')  def get_queryset(self, request):     qs = super(personaldataadmin, self).get_queryset(request)     if request.user.is_superuser:         return qs     return qs.filter(user=request.user) 

what saving though? in order view show in admin interface, user need rights change entries of personaldata. how can check when receiving post request, object belong user? think need implement modelform this:

class persondataform(modelform): pass 

and add personaldataadmin. overwrite clean() or save() method. right way go? case there 1 record per user possible skip change list view , link directly change view?

i go overriding

modeladmin.has_change_permission(request, obj=none) 

where can change request.user versus object. see related modeladmin.has_*_permission() methods.

for restring viewing of objects, check:

view permissions in django


Comments

Popular posts from this blog

c++ - Difference between pre and post decrement in recursive function argument -

php - Nothing but 'run(); ' when browsing to my local project, how do I fix this? -

php - How can I echo out this array? -