A middleware that restricts staff members access to administration pages.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | from django.core.exceptions import ImproperlyConfigured
from django.core.urlresolvers import reverse
from django.http import HttpResponseForbidden
class RestrictStaffToAdminMiddleware(object):
"""
A middleware that restricts staff members access to administration panels.
"""
def process_request(self, request):
if not hasattr(request, 'user'):
raise ImproperlyConfigured(
"Restrict staff to admin middleware requires the"
" authentication middleware to be installed. Edit your"
" MIDDLEWARE_CLASSES setting to insert"
" 'django.contrib.auth.middleware.AuthenticationMiddleware'"
" before the RestrictStaffToAdminMiddleware class.")
if request.user.is_staff:
if not request.path.startswith(reverse('admin:index')):
msg = u'Staff members cannot access the public site.'
return HttpResponseForbidden(msg)
|
More like this
- Template tag - list punctuation for a list of items by shapiromatron 12 months ago
- JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 1 year ago
- Serializer factory with Django Rest Framework by julio 1 year, 6 months ago
- Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 7 months ago
- Help text hyperlinks by sa2812 1 year, 8 months ago
Comments
what use case were you thinking of? I simply cant see one. Okay maybe secret service where agents can submit data into the network but cant browse info on the network. :-). anti-wikileak and all that ;)
If so.. here are some things you may want to watch for
You may also want to make sure that anonymous users can't see the site. Otherwise the staff could simply log-off and have access to the site!
You may also want to make sure all staff have only add permissions and not 'change' or 'delete' permissions.
#
High tech man!
#
Please login first before commenting.