1

Right now my all django staff-user can edit or delete others staff-user post. I want they only can able to be edit or delete their own post from django admin panel. How to restrict them to edit or delete others user post? here is my code:

views.py:

 class BlogPublishView(PermissionRequiredMixin,CreateView):
      raise_exception = True
      permission_required = "blog.add_post"
      model = Post
      form_class = BlogPost
      template_name = "blog_post.html"
      #fields = ['title','author','body']
      
      
                   
class BlogUpdateView(PermissionRequiredMixin,UpdateView):
      raise_exception = True
      permission_required = "blog.change_post"
      model = Post
      template_name = "blog_update_post.html"
      form_class = BlogPost
     
     
 class BlogDeleteView(PermissionRequiredMixin,DeleteView):
      raise_exception = True
      permission_required = "blog.delete_post"
      model = Post
      template_name = "delete_blog_post.html"
      success_url = reverse_lazy('blog')

urls.py

path('blog-post', BlogPublishView.as_view(), name='blog-post'),
path('blog-update/<slug:slug>', BlogUpdateView.as_view(), name='blog-update'),
path('blog-delete/<slug:slug>', BlogDeleteView.as_view(), name='blog-delete'),

html

 {% if user.is_authenticated %}{% if user.id == post.author.id %} <a href="{% url 'blog-update' post.slug %}"><b>(Edit Blog)</b></a>&nbsp;<a href="{% url 'blog-delete' post.slug %}"><b>(Delete Blog)</b> </a>{% endif %}{% endif %}

Let you explain little bit more if you still now don't understand my problem. Assume I have three user in my djano admin panel "A", "B" and "C". User "A" is Admin and user "B" and "C" is staff-user. User "B" and "C" have permission only edit, delete and publish post from admin panel. The problem is user "A" can edit and delete user "B" post and also user "B" can edit or delete user "A" post. I want to restrict both of staff-user to edit, delete and view each others post from django admin panel. They can only be view, edit and delete their own post from django admin panel.

Improve this question
1

1 Answer 1

Reset to default
3

After lot of research I find the solution. I solved the problems After using "get_queryset" method in my django admin model. here is the code:

def get_queryset(self, request):
        qs = super().get_queryset(request)
        if request.user.is_superuser:
            return qs
        return qs.filter(author=request.user)

You can read more details here. Before apply get_queryset user "A" and user "B" can view, edit and delete each others post from django admin panel. See the picture where user "A" logged in django admin panel and he aslo can edit user "B" and others member post. enter image description here

after apply get_queryset method I restricted user "A" to view, edit and delete post of user "B". Now user "A" can only view, edit and delete his own post. see the picture

enter image description here

If you apply this get_queryset method in your admin model then except admin nobody can view, edit and delete others user post.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.