在我的Django管理员中,我有一列created_by,该列用于发帖的人。我有很多人可以访问Django admin进行发布。问题是他们现在可以编辑彼此的帖子。
我希望他们只能编辑自己的帖子,而不是其他人的帖子。无论如何,是否有限制将访问权限限制为Django管理员中的特定用户?
此外,这是我的admin.py和models.py的代码。
admin.py
@admin.register(Store)
class StoreAdmin(SummernoteModelAdmin):
summernote_fields = '__all__'
formfield_overrides = {
models.CharField: {'widget': TextInput(attrs={'size': '91'})},
}
list_display = ('id', 'status', 'businessName',
'typ', 'author', 'updated_by', 'created_by', 'updated_at', 'created_at')
list_filter = ('businessName',)
search_fields = ('businessName',)
def save_model(self, request, obj, form, change):
# adding the entry for the first time
if not change:
obj.created_by = request.user
# updating already existing record
else:
obj.updated_by = request.user
obj.save()
models.py
class Store(TimeStampedModel):
...
created_by = ForeignKey(settings.AUTH_USER_MODEL, editable=False,
related_name='stores_of_created_by', null=True, blank=True)
updated_by = ForeignKey(settings.AUTH_USER_MODEL, editable=False,
related_name='stores_of_updated_by', null=True, blank=True)
答案 0 :(得分:2)
我认为您应该覆盖 get_queryset() 的 ModelAdmin 方法,如下所示
@admin.register(Store)
class StoreAdmin(SummernoteModelAdmin):
# your code
def get_queryset(self, request):
if request.user.is_superuser:
return super(StoreAdmin, self).get_queryset(request).filter(created_by=request.user)
if request.user.is_staff:
return someting
# your code