Restrict Admin Access by Permission

A snippet for restricting Django Admin features to users with proper permissions.


# admin.py

from django.contrib import admin
from .models import Article

class ArticleAdmin(admin.ModelAdmin):
    def has_view_permission(self, request, obj=None):
        return request.user.has_perm('yourapp.view_article')

    def has_change_permission(self, request, obj=None):
        return request.user.has_perm('yourapp.change_article')

    def has_delete_permission(self, request, obj=None):
        return request.user.has_perm('yourapp.delete_article')

    def has_add_permission(self, request):
        return request.user.has_perm('yourapp.add_article')

admin.site.register(Article, ArticleAdmin)
  

# Django Admin

1. Go to /admin/auth/user/ or /admin/auth/group/
2. Assign object-level permissions like:
   - Can view article
   - Can add article
   - Can change article
   - Can delete article
  
Explanation:
  • You can override admin permission methods like has_view_permission() or has_change_permission() for custom access logic.
  • Each method returns a boolean depending on whether the user has the corresponding permission.
  • These checks affect what users can see or do inside Django Admin for that model.
  • You can combine these with custom permissions for even finer control.
Never miss a story on Django.wiki

Subscribe for fresh tutorials, snippets, and updates.

By subscribing you agree to our Privacy Policy.