Login

Restrict staff access to admin pages

Author:
slink
Posted:
October 7, 2010
Language:
Python
Version:
1.2
Score:
0 (after 0 ratings)

A middleware that restricts staff members access to administration pages.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
from django.core.exceptions import ImproperlyConfigured
from django.core.urlresolvers import reverse
from django.http import HttpResponseForbidden


class RestrictStaffToAdminMiddleware(object):
    """
    A middleware that restricts staff members access to administration panels.
    """

    def process_request(self, request):
        if not hasattr(request, 'user'):
            raise ImproperlyConfigured(
                "Restrict staff to admin middleware requires the"
                " authentication middleware to be installed.  Edit your"
                " MIDDLEWARE_CLASSES setting to insert"
                " 'django.contrib.auth.middleware.AuthenticationMiddleware'"
                " before the RestrictStaffToAdminMiddleware class.")
        if request.user.is_staff:
            if not request.path.startswith(reverse('admin:index')):
                msg = u'Staff members cannot access the public site.'
                return HttpResponseForbidden(msg)

More like this

  1. Template tag - list punctuation for a list of items by shapiromatron 9 months, 1 week ago
  2. JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 9 months, 2 weeks ago
  3. Serializer factory with Django Rest Framework by julio 1 year, 4 months ago
  4. Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 4 months ago
  5. Help text hyperlinks by sa2812 1 year, 5 months ago

Comments

code_shogan (on February 20, 2011):

what use case were you thinking of? I simply cant see one. Okay maybe secret service where agents can submit data into the network but cant browse info on the network. :-). anti-wikileak and all that ;)

If so.. here are some things you may want to watch for

  • You may also want to make sure that anonymous users can't see the site. Otherwise the staff could simply log-off and have access to the site!

  • You may also want to make sure all staff have only add permissions and not 'change' or 'delete' permissions.

#

s29 (on October 26, 2011):

High tech man!

#

Please login first before commenting.