-2

I created two users on the Django admin page. When one user enters data, the other user can see the data. So every user can see and change the other users' data. I want each user to be able to see and change only their own data, not others'. How can I prevent it?

  • What is the data? Can you tell us more about your project? And what do you want to realize? – Zagorodniy Olexiy Feb 23 '16 at 09:00
  • About my project: there are 100 schools in my project. I would create 100 users for the 100 schools. Each school's user shouldn't see or change any data of other users. For example, I realized that when I permit a user to add-change-delete data, the other user is able to see all the data and change all the data. But users should only see or change their own data, not others'. And it is a big problem for privacy – Bithynian Prince Feb 23 '16 at 09:47
  • Why don't you want to create a user profile, not using Django admin? – Zagorodniy Olexiy Feb 23 '16 at 12:25
  • I created user profiles on Django admin. For example, I created 2 users. I realized that when I permit a user to add-change-delete data, the other user is able to see all the data and change all the data. But users should only see or change their own data, not others'. And it is a big problem for privacy – Bithynian Prince Feb 23 '16 at 13:10

2 Answers

0

You can change the attributes (columns) according to different users (based on permission or some user attribute) but cannot filter tuples on the basis of that.

Example - (in app_name/admin.py)

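from django.contrib import admin

class MyModelAdmin(admin.ModelAdmin):
    def get_readonly_fields(self, request, obj=None):
        # Return the tuple directly: the ModelAdmin instance is shared across
        # requests, so assigning to self.readonly_fields would leak state.
        if request.user.is_superuser:
            return ()
        return ('id', 'name', 'attr1', 'attr2')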

But looking at the limited info given, I suppose you want to filter tuples. This can only be achieved by making a custom admin page parallel to Django's admin (e.g. name it staff panel). In its view method, filter (using QuerySets) according to the school and return its related data for editing or whatever you want (for ease you can use ModelForms).

EDIT: Sorry, I found exactly what you were asking for (hopefully).

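from django.contrib import admin

class MyModelAdmin(admin.ModelAdmin):
    def get_queryset(self, request):
        # Superusers see every row; everyone else sees only rows they authored.
        qs = super(MyModelAdmin, self).get_queryset(request)
        if request.user.is_superuser:
            return qs
        return qs.filter(author=request.user)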

This returns only the objects related to the logged-in user on the admin change page.

anonDuck
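The `get_queryset` filter from the answer above, extended into a reusable mixin as an added example (not code from the answer or from Django). It goes beyond the answer by also stamping the owner when a row is saved, hiding the owner field from non-superusers, and checking ownership per object. It assumes the model has a ForeignKey named `author` to the user model; `OwnerScopedAdminMixin`, `owner_field` and `MyModel` are hypothetical names.

```python
# Added example: mix into a django.contrib.admin.ModelAdmin subclass.
# Assumption: the model has a ForeignKey to the user model named "author",
# matching the answer's qs.filter(author=request.user).


class OwnerScopedAdminMixin:
    owner_field = "author"  # assumed name of the FK to the user model

    def _is_owner(self, request, obj):
        # obj is None for list-level checks; row checks compare the owner FK.
        if obj is None or request.user.is_superuser:
            return True
        return getattr(obj, self.owner_field + "_id") == request.user.pk

    def get_queryset(self, request):
        # Row filter: the changelist, change and delete views all start here.
        qs = super().get_queryset(request)
        if request.user.is_superuser:
            return qs
        return qs.filter(**{self.owner_field: request.user})

    def get_exclude(self, request, obj=None):
        # Hide the owner field so a school user cannot reassign a row.
        exclude = tuple(super().get_exclude(request, obj) or ())
        if request.user.is_superuser:
            return exclude
        return exclude + (self.owner_field,)

    def save_model(self, request, obj, form, change):
        # Stamp new rows with the creator server-side, never from form input.
        if not change:
            setattr(obj, self.owner_field, request.user)
        super().save_model(request, obj, form, change)

    def has_change_permission(self, request, obj=None):
        allowed = super().has_change_permission(request, obj)
        return allowed and self._is_owner(request, obj)

    def has_delete_permission(self, request, obj=None):
        allowed = super().has_delete_permission(request, obj)
        return allowed and self._is_owner(request, obj)


# Usage in app_name/admin.py (MyModel is a placeholder model name):
#   class MyModelAdmin(OwnerScopedAdminMixin, admin.ModelAdmin):
#       pass
#   admin.site.register(MyModel, MyModelAdmin)
```

The mixin must come before `admin.ModelAdmin` in the base-class list so that its methods run first and reach the admin's own implementations through `super()`.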
0

I think that you don't have to use Django admin as a user profile. You can create an authorization/authentication system on your website; this is a great post about it.

Then you can create a user profile for every user, where they can add/edit/delete their private data.

Community
Zagorodniy Olexiy