python django django-admin

How do I restrict access to admin pages in Django?


I need the Django admin interface to be accessible only for superusers and staff when in production and show a 404 for all other types of users, including when not logged in. Is this possible, and how?


Solution

  • I ended up writing a middleware for it:

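    from django.http import Http404
    from django.urls import reverse  # django.core.urlresolvers was removed in Django 2.0
    from django.utils.deprecation import MiddlewareMixin

    class RestrictStaffToAdminMiddleware(MiddlewareMixin):
        """
        A middleware that restricts access to the administration panels to staff members.

        List it after AuthenticationMiddleware, which sets request.user.
        """
        def process_request(self, request):
            # Only paths under the admin index are checked; this includes the admin login page.
            if request.path.startswith(reverse('admin:index')):
                # is_authenticated is a property since Django 1.10 (no longer called as a method).
                if request.user.is_authenticated:
                    if not request.user.is_staff:
                        # Logged in, but not staff.
                        raise Http404
                else:
                    # Not logged in.
                    raise Http404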