Restrict staff access to admin pages

Author: slink
Posted: October 7, 2010
Language: Python
Version: 1.2
Tags: middleware admin user staff
Score: 0 (after 0 ratings)

A middleware that restricts staff members to the administration pages: a staff user who requests any other URL gets a 403 Forbidden response.

from django.core.exceptions import ImproperlyConfigured
from django.core.urlresolvers import reverse
from django.http import HttpResponseForbidden


class RestrictStaffToAdminMiddleware(object):
    """
    A middleware that restricts staff members to the administration panels:
    a staff user requesting any path outside the admin gets a 403.
    """

    def process_request(self, request):
        if not hasattr(request, 'user'):
            raise ImproperlyConfigured(
                "Restrict staff to admin middleware requires the"
                " authentication middleware to be installed.  Edit your"
                " MIDDLEWARE_CLASSES setting to insert"
                " 'django.contrib.auth.middleware.AuthenticationMiddleware'"
                " before the RestrictStaffToAdminMiddleware class.")
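        # Staff users may only request URLs under the admin index; anything
        # else gets a 403. Non-staff and anonymous users fall through.
        if request.user.is_staff:
            if not request.path.startswith(reverse('admin:index')):
                msg = u'Staff members cannot access the public site.'
                return HttpResponseForbidden(msg)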
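
An added example (not part of slink's snippet): a Django-free model of the middleware's rule, run over constructed paths, next to a stricter variant that covers the logged-out case raised in the comments. The `User` stand-in, `/admin/` as the value of `reverse('admin:index')`, and the `/accounts/login/` path are assumptions.

```python
# Added example: models the snippet's decision with stand-in objects, not Django's.
from collections import namedtuple

User = namedtuple("User", "is_authenticated is_staff")  # stand-in for request.user
ANON = User(False, False)
VISITOR = User(True, False)
STAFF = User(True, True)

ADMIN_INDEX = "/admin/"          # assumed value of reverse('admin:index')
LOGIN_URL = "/accounts/login/"   # hypothetical login path, used by strict_policy only


def snippet_policy(user, path, admin_index=ADMIN_INDEX):
    """Status the snippet's rule yields: 403, or 200 meaning 'request passes through'."""
    # The trailing slash in admin_index matters: a prefix of "/admin" would
    # also match sibling paths such as "/administrator/".
    if user.is_staff and not path.startswith(admin_index):
        return 403
    return 200


def strict_policy(user, path, admin_index=ADMIN_INDEX, login_url=LOGIN_URL):
    """Snippet rule plus a deny for logged-out users outside the login pages."""
    if not user.is_authenticated:
        # Admin URLs stay reachable so the admin can show its own login form.
        if path.startswith(admin_index) or path == login_url:
            return 200
        return 403
    return snippet_policy(user, path, admin_index)


def access_matrix(policy, paths):
    """Map (role, path) -> status for the three roles."""
    roles = (("anonymous", ANON), ("visitor", VISITOR), ("staff", STAFF))
    return {(name, p): policy(u, p) for name, u in roles for p in paths}


# Constructed sample paths.
PATHS = ["/admin/", "/admin/auth/user/", "/", "/articles/7/", "/administrator/"]

if __name__ == "__main__":
    for label, policy in (("snippet", snippet_policy), ("strict", strict_policy)):
        print(label)
        for (role, path), status in sorted(access_matrix(policy, PATHS).items()):
            print("  %-9s %-20s %d" % (role, path, status))
```

Under `snippet_policy` the same public path is 403 for a staff session and 200 once that user logs out; `strict_policy` closes that gap at the cost of making the whole site login-only.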

Comments

code_shogan (on February 20, 2011):

What use case were you thinking of? I simply can't see one. Okay, maybe secret service where agents can submit data into the network but can't browse info on the network. :-) Anti-wikileak and all that ;)

If so, here are some things you may want to watch for:

  • You may also want to make sure that anonymous users can't see the site. Otherwise the staff could simply log off and have access to the site!

  • You may also want to make sure all staff have only add permissions and not 'change' or 'delete' permissions.

#

s29 (on October 26, 2011):

High tech man!

#
