Admin page: model instance is None about django-rules HOT 8 CLOSED

You probably missed to subclass ObjectPermissionsModelAdmin: https://github.com/dfunckt/django-rules#rules-and-permissions-in-the-admin

from django-rules.

Unfortunately, that's not it.

from django-rules.

Hmm, have you configured AUTHENTICATION_BACKENDS as per https://github.com/dfunckt/django-rules#checking-for-permission? Also, is your PersonModelAdmin subclassing several classes besides ObjectPermissionsModelAdmin by any chance?

from django-rules.

Oh wait, I just realised you're trying to access the created instance when adding an instance via the admin. This won't work, and is expected -- the Person instance hasn't even been created at the time Django asks for permission -- i.e. myapp.add_person.

from django-rules.

Apparently you're confusing the semantics of the add permission, probably interpreting it as "is this user allowed to save this Person instance?", while it's actually more like "is this user allowed to add a Person instance?".

See here: https://github.com/django/django/blob/master/django/contrib/admin/options.py#L433-L440

from django-rules.

Thank you for the detailed replies. Yep, I configured AUTHENTICATION_BACKENDS per that guide. It seems like I've misunderstood how this library works regarding the Admin page. Is it correct that there's no easy way to restrict admin permissions based on simple rules?

I was able to get a 90% solution by editing classes in admin.py to look like this: (Users who have model-level permission could access rows outside their section by entering a specific URL, but this at least hides things)

@admin.register(Person)
class PersonAdmin(ModelAdmin):
     # Normal admin.py boilerplate goes here

    def get_queryset(self, request):
        """Only show people in the user's section."""
        qs = super(PersonAdmin, self).get_queryset(request)
        if request.user.is_superuser:
            return qs.all()
        else:
            return qs.filter(squadron=request.user.person.section)

    def render_change_form(self, request, context, *args, **kwargs):
        """ Only allow the user's section when adding/changing a person."""
        if not request.user.is_superuser:
            context['adminform'].form.fields['section'].queryset = Squadron.objects.filter(
               number=request.user.person.squadron.number)
        return super(PersonAdmin, self).render_change_form(request, context, args, kwargs)

from django-rules.

It seems like I've misunderstood how this library works regarding the Admin page. Is it correct that there's no easy way to restrict admin permissions based on simple rules?

No, this is not correct, you can restrict permissions based on rules -- that's what django-rules is all about. You have misunderstood how Django permissions work. Please take another look on this project's README and the relevant section in Django docs about authorisation.

Closing -- please reopen if there are rules-related questions I may answer.

from django-rules.

Hey, I am sorry to bring up this old issue, but I didn't want to open a new one just to ask a question. But I am kinda confused about this too. Is it possible to limit the list results in the admin list display just by using rules?

please let me know @dfunckt

from django-rules.