Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on Aug 2nd, 2010  |  syntax: Python  |  size: 3.43 KB  |  views: 32  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. class SomeAdmin(admin.ModelAdmin):
  2.     form = SomeForm
  3.     inlines = [
  4.         SomeInline,
  5.         SomeOtherInline,
  6.     ]
  7.    
  8.     def get_fieldsets(self, request, obj=None):
  9.         """
  10.        Hook for specifying fieldsets for the add form.
  11.        
  12.        Modified to only display fields inside fieldsets that the user has
  13.        permissions to view or change.
  14.        """
  15.         if self.declared_fieldsets:
  16.             fieldsets = self.declared_fieldsets
  17.         else:
  18.             form = self.get_form(request, obj)
  19.             fieldsets = form.base_fields.keys() + \
  20.                 list(self.get_readonly_fields(request, obj))
  21.        
  22.         # Populate the fieldsets the user has permissions to view
  23.         for fieldset in fieldsets:
  24.             fieldset[1]['fields'] = [field for field in fieldset[1]['fields'] \
  25.                 if self.can_view_field(request, obj, field)]
  26.        
  27.         # Delete empty fieldsets
  28.         for fieldset in fieldsets:
  29.             if not fieldset[1]['fields']:
  30.                 fieldsets.remove(fieldset)
  31.        
  32.         return fieldsets
  33.    
  34.     def get_form(self, request, obj=None):
  35.         """
  36.        Returns a Form class for use in the admin add view. This is used by
  37.        add_view and change_view.
  38.        
  39.        Modified to only display formfields that the user has permissions to
  40.        view or change.
  41.        """
  42.         form = super(SomeAdmin, self).get_form(request, obj)
  43.        
  44.         # Remove the fields that the user does not have permission to view.
  45.         for field_name, field in form.base_fields.items():
  46.             if not self.can_view_field(request, obj, field_name):
  47.                 del form.base_fields[field_name]
  48.        
  49.         # Because inlines live outside of the normal flow of fields, their
  50.         # permissions need to be handled by a BooleanField on the original
  51.         # model. This reset the inline instances (created by __init__). Then
  52.         # loop through the inlines indicated in the ModelAdmin instance.
  53.         self.inline_instances = []
  54.         for inline_class in self.inlines:
  55.             # Arbitrary logic goes here. If the user has permission to view the
  56.             # inline, do this:
  57.             inline_instance = inline_class(self.model, self)
  58.             self.inline_instances.append(inline_instance)
  59.         return form
  60.    
  61.     def can_view_field(self, request, obj, field_name):
  62.         """
  63.        Returns boolean indicating whether the user has necessary permissions to
  64.        view the passed field.
  65.        """
  66.         if obj is None:
  67.             return request.user.has_perm('%s.%s_%s' % (
  68.                 self.opts.app_label,
  69.                 action,
  70.                 obj.__class__.__name__.lower()
  71.             ))
  72.         else:
  73.             # Arbitrary logic goes here, returning True in certain cases based
  74.             # on request properties and field values
  75.             return False
  76.    
  77.     def change_view(self, request, object_id, extra_context=None):
  78.         """"
  79.        The change admin view for this model.
  80.        """
  81.         # If object doesn't exist, don't raise Http404 yet; we don't want an
  82.         # user without permissions to be able to determine an object's existence
  83.         model = self.model
  84.         try:
  85.             obj = model._default_manager.get(pk=object_id)
  86.         except model.DoesNotExist:
  87.             pass
  88.         return super(SomeAdmin, self).change_view(request, object_id)