How to limit access to grappelli filebrowser using django auth permissions?
-
28-05-2021 - |
سؤال
I need to restrict user access to filebrowser using permissions. For example, only users with permission "can_upload_files" should be able to see Filebrowser in my custom dashboard.
Is this possible?
Thanks!
المحلول
If the thing you want to accomplish is to simply hide the "Media Management" group from your dashboard, you can use the following conditional in your dashboard.py
code:
if context.get('user').has_perm('accounts.can_upload_files'):
self.children.append(modules.LinkList(
_('Media Management'),
column=2,
children=[
{
'title': _('FileBrowser'),
'url': '/admin/filebrowser/browse/',
'external': False,
},
]
))
Note that this will not actually limit access to the FileBrowser, simply hide the link.
نصائح أخرى
This can be done by a middleware. Something like:
from django.http import HttpResponseForbidden
class MediaLibraryAccess(object):
def process_request(self, request):
if not request.path.startswith('/admin/media-library'):
return None
if request.user and request.user.is_superuser:
return None
return HttpResponseForbidden('Access Forbidden')
Do not forget to activate the middleware in your settings.py
MIDDLEWARE_CLASSES = (
...
"myapp.middleware.MediaLibraryAccess",
)
In this example I am checking for superuser
but you could easily check for a specific permission...
لا تنتمي إلى StackOverflow