Admin

GuardedModelAdmin

class guardian.admin.GuardedModelAdmin(model, admin_site)

Extends django.contrib.admin.ModelAdmin class. Provides some extra views for object permissions management at admin panel. It also changes default change_form_template option to 'admin/guardian/model/change_form.html' which is required for proper url (object permissions related) being shown at the model pages.

Extra options

GuardedModelAdmin.obj_perms_manage_template

Default: admin/guardian/model/obj_perms_manage.html

GuardedModelAdmin.obj_perms_manage_user_template

Default: admin/guardian/model/obj_perms_manage_user.html

GuardedModelAdmin.obj_perms_manage_group_template

Default: admin/guardian/model/obj_perms_manage_group.html

GuardedModelAdmin.user_can_access_owned_objects_only

Default: False

If this would be set to True, request.user would be used to filter out objects he or she doesn’t own (checking user field of used model - field name may be overridden by user_owned_objects_field option).

Note

Please remember that this will NOT affect superusers! Admins would still see all items.

GuardedModelAdmin.user_can_access_owned_by_group_objects_only

Default: False

If this would be set to True, request.user would be used to filter out objects her or his group doesn’t own (checking if any group user belongs to is set as group field of the object; name of the field can be changed by overriding group_owned_objects_field).

Note

Please remember that this will NOT affect superusers! Admins would still see all items.

GuardedModelAdmin.group_owned_objects_field

Default: group

GuardedModelAdmin.include_object_permissions_urls

Default: True

New in version 1.2.

Might be set to False in order NOT to include guardian-specific urls.

Usage example

Just use GuardedModelAdmin instead of django.contrib.admin.ModelAdmin.

from django.contrib import admin
from guardian.admin import GuardedModelAdmin
from myapp.models import Author

class AuthorAdmin(GuardedModelAdmin):
    pass

admin.site.register(Author, AuthorAdmin)

GuardedModelAdminMixin

class guardian.admin.GuardedModelAdminMixin

Serves as a helper for custom subclassing admin.ModelAdmin.

get_obj_perms_base_context(request, obj)

Returns context dictionary with common admin and object permissions related content. It uses AdminSite.each_context, making sure all required template vars are in the context.

get_obj_perms_group_select_form(request)

Returns form class for selecting a group for permissions management. By default GroupManage is returned.

get_obj_perms_manage_group_form(request)

Returns form class for group object permissions management. By default AdminGroupObjectPermissionsForm is returned.

get_obj_perms_manage_group_template()

Returns object permissions for group admin template. May be overridden if need to change it dynamically.

Note

If INSTALLED_APPS contains grappelli this function would return "admin/guardian/grappelli/obj_perms_manage_group.html".

get_obj_perms_manage_template()

Returns main object permissions admin template. May be overridden if need to change it dynamically.

Note

If INSTALLED_APPS contains grappelli this function would return "admin/guardian/grappelli/obj_perms_manage.html".

get_obj_perms_manage_user_form(request)

Returns form class for user object permissions management. By default AdminUserObjectPermissionsForm is returned.

get_obj_perms_manage_user_template()

Returns object permissions for user admin template. May be overridden if need to change it dynamically.

Note

If INSTALLED_APPS contains grappelli this function would return "admin/guardian/grappelli/obj_perms_manage_user.html".

get_obj_perms_user_select_form(request)

Returns form class for selecting a user for permissions management. By default UserManage is returned.

get_urls()

Extends standard admin model urls with the following:

  • .../permissions/ under app_mdodel_permissions url name (params: object_pk)
  • .../permissions/user-manage/<user_id>/ under app_model_permissions_manage_user url name (params: object_pk, user_pk)
  • .../permissions/group-manage/<group_id>/ under app_model_permissions_manage_group url name (params: object_pk, group_pk)

Note

... above are standard, instance detail url (i.e. /admin/flatpages/1/)

obj_perms_manage_group_view(request, object_pk, group_id)

Manages selected groups’ permissions for current object.

obj_perms_manage_user_view(request, object_pk, user_id)

Manages selected users’ permissions for current object.

obj_perms_manage_view(request, object_pk)

Main object permissions view. Presents all users and groups with any object permissions for the current model instance. Users or groups without object permissions for related instance would not be shown. In order to add or manage user or group one should use links or forms presented within the page.