How to limit access to grappelli filebrowser using django auth permissions?

Question

I need to restrict user access to filebrowser using permissions. For example, only users with permission "can_upload_files" should be able to see Filebrowser in my custom dashboard.

Is this possible?

Thanks!

Answer 1

If the thing you want to accomplish is to simply hide the "Media Management" group from your dashboard, you can use the following conditional in your dashboard.py code:

if context.get('user').has_perm('accounts.can_upload_files'):
    self.children.append(modules.LinkList(
        _('Media Management'),
        column=2,
        children=[
            {
                'title': _('FileBrowser'),
                'url': '/admin/filebrowser/browse/',
                'external': False,
            },
        ]
    ))

Note that this will not actually limit access to the FileBrowser, simply hide the link.

Answer 2

This can be done by a middleware. Something like:

from django.http import HttpResponseForbidden

class MediaLibraryAccess(object):
    def process_request(self, request):
        if not request.path.startswith('/admin/media-library'):
            return None
        if request.user and request.user.is_superuser:
            return None
        return HttpResponseForbidden('Access Forbidden')

Do not forget to activate the middleware in your settings.py

MIDDLEWARE_CLASSES = (
       ...
       "myapp.middleware.MediaLibraryAccess",
)

In this example I am checking for superuser but you could easily check for a specific permission...