1

I need to restrict user access to filebrowser using permissions. For example, only users with permission "can_upload_files" should be able to see Filebrowser in my custom dashboard.

Is this possible?

Thanks!

Filip Kołakowski
  • 13
  • 3
  • What custom dashboard are you using? You can modify the admin templates and conditionally add a link to the filebrowser there. If the logged in user does not have acces, the link is not shown. – Simeon Visser Apr 03 '12 at 17:13

2 Answers2

4

If the thing you want to accomplish is to simply hide the "Media Management" group from your dashboard, you can use the following conditional in your dashboard.py code:

if context.get('user').has_perm('accounts.can_upload_files'):
    self.children.append(modules.LinkList(
        _('Media Management'),
        column=2,
        children=[
            {
                'title': _('FileBrowser'),
                'url': '/admin/filebrowser/browse/',
                'external': False,
            },
        ]
    ))

Note that this will not actually limit access to the FileBrowser, simply hide the link.

postrational
  • 6,306
  • 3
  • 22
  • 27
  • This is also good for limiting access to other models, links etc. in django admin. Thanks! – zzart Apr 25 '13 at 09:11
0

This can be done by a middleware. Something like:

from django.http import HttpResponseForbidden

class MediaLibraryAccess(object):
    def process_request(self, request):
        if not request.path.startswith('/admin/media-library'):
            return None
        if request.user and request.user.is_superuser:
            return None
        return HttpResponseForbidden('Access Forbidden')

Do not forget to activate the middleware in your settings.py

MIDDLEWARE_CLASSES = (
       ...
       "myapp.middleware.MediaLibraryAccess",
)

In this example I am checking for superuser but you could easily check for a specific permission...

schettino72
  • 2,990
  • 1
  • 28
  • 27