Created
August 1, 2013 06:34
Django Admin 画面でオブジェクト作成者毎のアクセス制限を実現するためのコード。
実際に使用する時には、それぞれのClassを継承して、Model、ModelAdmin を実装する。
| # -*- coding: utf-8 -*- | |
| from django.contrib import admin | |
| from django.http import HttpResponse | |
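class OwnerPermissionAdmin(admin.ModelAdmin):
    """ModelAdmin base that limits non-superusers to the rows they own.

    Ownership is read from an ``owner`` field on the managed model and is
    compared with ``request.user``; superusers are never filtered. The class
    is meant to be subclassed per model.

    Review notes:
      * Row filtering only works while the admin calls ``queryset()``.
        Django 1.6 renamed that hook to ``get_queryset()``. If the deployed
        Django no longer calls ``queryset()``, this override is never run
        and the owner filter silently stops applying. Confirm against the
        version in use.
      * Choice filtering assumes every related model also has an ``owner``
        field (TODO confirm for each subclass). This includes the model
        behind the ``owner`` field itself if that field is left on the form.
    """

    def queryset(self, request):
        """Return the rows ``request.user`` may see in this admin."""
        rows = super(OwnerPermissionAdmin, self).queryset(request)
        if not request.user.is_superuser:
            rows = rows.filter(owner=request.user)
        return rows

    def formfield_for_foreignkey(self, db_field, request=None, **kwargs):
        """Offer non-superusers only related rows they own as FK choices."""
        # ``request`` defaults to None only to mirror the base signature. It
        # is dereferenced unconditionally, so a missing request raises here
        # instead of falling back to an unfiltered choice list.
        if not request.user.is_superuser:
            related_model = db_field.rel.to
            # Replaces any queryset the caller supplied in kwargs.
            kwargs['queryset'] = related_model._default_manager.filter(
                owner=request.user)
        return super(OwnerPermissionAdmin, self).formfield_for_foreignkey(
            db_field, request, **kwargs)

    def formfield_for_manytomany(self, db_field, request=None, **kwargs):
        """Offer non-superusers only related rows they own as M2M choices."""
        # Same contract as formfield_for_foreignkey: the request is required
        # in practice and the related model is assumed to carry ``owner``.
        if not request.user.is_superuser:
            related_model = db_field.rel.to
            kwargs['queryset'] = related_model._default_manager.filter(
                owner=request.user)
        return super(OwnerPermissionAdmin, self).formfield_for_manytomany(
            db_field, request, **kwargs)

    def save_model(self, request, obj, form, change):
        """Save ``obj``, recording the creating user as owner on first save."""
        # NOTE(review): on edits the owner is left as the form bound it. If
        # non-superusers must not reassign ownership, keep ``owner`` off
        # their form (exclude / read-only) in the subclass.
        if change is False:
            obj.owner = request.user
        obj.save()

    def save_formset(self, request, form, formset, change):
        """Save inline rows, giving newly created rows an owner."""
        # NOTE(review): on Django releases where save(commit=False) no longer
        # deletes rows marked for deletion, those rows must be deleted
        # explicitly here. Confirm for the deployed version.
        instances = formset.save(commit=False)
        for instance in instances:
            # ``change`` describes the parent object, not the inline row. A
            # row added while editing an existing parent has no owner yet,
            # so it is detected by the missing primary key. An owner already
            # bound by the form is left untouched.
            is_unowned_new_row = (
                instance.pk is None
                and getattr(instance, 'owner_id', None) is None)
            if change is False or is_unowned_new_row:
                instance.owner = request.user
            instance.save()
        formset.save_m2m()

    def response_change(self, request, obj):
        """Close the popup window after an edit made from a popup."""
        if "_popup" not in request.POST:
            return super(OwnerPermissionAdmin, self).response_change(
                request, obj)
        # The markup is a fixed literal; nothing from the request or from
        # ``obj`` is interpolated into it.
        return HttpResponse(
            '<!DOCTYPE html><html><head><title></title></head><body>'
            '<script type="text/javascript">opener.dismissAddAnotherPopup(window);</script></body></html>')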
| # -*- coding: utf-8 -*- | |
| from django.contrib.admin import SimpleListFilter | |
class OwnerPermissionFilter(SimpleListFilter):
    """Admin list filter whose choices are rows of ``model``.

    ``model``, ``title`` and ``parameter_name`` are all None here and are
    expected to be set by a subclass. Non-superusers are offered only the
    rows of ``model`` whose ``owner`` is the requesting user.
    """

    model = None
    title = None
    parameter_name = None

    def lookups(self, request, model_admin):
        """Return ``[id, label]`` pairs for the choices shown to this user."""
        candidates = self.model.objects.all()
        if not request.user.is_superuser:
            candidates = candidates.filter(owner=request.user)
        options = []
        for candidate in candidates:
            options.append([candidate.id, candidate.__unicode__()])
        return options

    def queryset(self, request, queryset):
        """Narrow ``queryset`` by the selected value, if one was selected."""
        # This method applies no owner check of its own and does not compare
        # the selected value with the choices from lookups(). It only narrows
        # the queryset it receives, so that queryset must already be
        # owner-restricted by the ModelAdmin.
        selected = self.value()
        if not selected:
            return queryset
        return queryset.filter(**{self.parameter_name: selected})
| # -*- coding: utf-8 -*- | |
| from django.db import models | |
| from django.contrib.auth.models import User | |
class AbstractOwnerPermission(models.Model):
    """Abstract base model adding an owner reference and two timestamps.

    Concrete models inherit ``owner``, ``created`` and ``updated``. The class
    creates no table of its own because ``Meta.abstract`` is True.
    """

    # The user that the owner-based admin filtering compares with
    # ``request.user``.
    # NOTE(review): no on_delete is given. Where Django still accepts that,
    # deleting the referenced User is expected to cascade to the rows it
    # owns. Confirm that this is intended.
    owner = models.ForeignKey(User, verbose_name=u'オーナー')

    # Set once, when the row is first saved.
    created = models.DateTimeField(verbose_name=u'作成日時', auto_now_add=True)

    # Refreshed on every save.
    updated = models.DateTimeField(verbose_name=u'更新日時', auto_now=True)

    class Meta:
        abstract = True