Non-superuser access to Django Admin

0
votes

I'd like to restrict which parts of the admin interface are visibile to which staff members - for example, one person might be responsible for only billing related items, another only for customer support, and a third might have full access.

I can provide full access by setting is_superuser to True, but I don't think I want that (I don't want all staff with access to the Admin interface to be super users).

I can allow staff members login to the Admin interface by setting is_staff to True, but once logged in the staff member doesn't have access to anything - they see "You don't have permission to edit anything'.

I tried the method described in this question but I'm getting the same "You don't have permission" result:

class MyAdmin(admin.ModelAdmin):
    def has_edit_permission(self, request):
        return True

Is there a way to have staff members be able to access parts of the Django admin interface without being superuser?

2
djangodjango-admin

2 Answers

6
votes

There's no such thing as has_edit_permission. It's has_change_permission.

For more info on the three permission methods, see the Django ModelAdmin docs:

ModelAdmin.has_add_permission(self, request)

Should return True if adding an object is permitted, False otherwise.

ModelAdmin.has_change_permission(self, request, obj=None)

Should return True if editing obj is permitted, False otherwise. If obj is None, should return True or False to indicate whether editing of objects of this type is permitted in general (e.g., False will be interpreted as meaning that the current user is not permitted to edit any object of this type).

ModelAdmin.has_delete_permission(self, request, obj=None)

Should return True if deleting obj is permitted, False otherwise. If obj is None, should return True or False to indicate whether deleting objects of this type is permitted in general (e.g., False will be interpreted as meaning that the current user is not permitted to delete any object of this type).

2
votes

For what you are wanting to do, don't override has_change_permission - just give the user(s) and/or user group(s) the corresponding permission ("Can change Xs") in addition to checking "is staff".