Tags: django, django-admin, django-authentication, django-permissions

Django sites framework permissions


I am using the sites framework to run multiple apps off of one code base. I have 3 users and 3 sites. They can log in to the Django admin interface and create content, but I want them to see only the site they are allowed to manage, not the others. Can the sites framework handle this? If not, can anyone point me in the right direction as to how this can be accomplished?

EDIT:

What I did was a simple example. Here goes....

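from django.contrib.auth.models import User
from django.contrib.sites.managers import CurrentSiteManager
from django.contrib.sites.models import Site
from django.db import models

class Weblog(models.Model):
    title = models.CharField(max_length=250)
    slug = models.SlugField(unique=True)
    user = models.ForeignKey(User) # this is the user who should own that blog and see nothing else
    site = models.ForeignKey(Site)

    objects = models.Manager()      # default manager: weblogs on every site
    on_site = CurrentSiteManager()  # only weblogs whose site matches settings.SITE_ID

    def __unicode__(self):
        return self.title

class Entry(models.Model):
    title = models.CharField(max_length=200)
    slug = models.SlugField()
    body = models.TextField()
    author = models.ForeignKey(User)
    weblog = models.ForeignKey(Weblog)  # an entry belongs to exactly one weblog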

This is where I am confused. I understand the concept of a weblog having a reference to a site and a user as well. But then how does one limit that person to only see and add/edit the entries on their own weblog that was created for them?

Thanks


Solution

  • Yes, the Django sites framework can do exactly that. As I don't have much information about what you have already done, I can't really help you, so please give more details.

    Also check the specific documentation.

    EDIT: OK, I understand it now: your problem is to restrict users to only view and edit content for their dedicated site. This is a little more complicated.

    It depends on whether you use the admin interface or custom views to handle these views and edits. If you use custom ones, it can be done easily by changing the queryset used, but I imagine you use the admin interface.

    In this case, maybe overriding the default manager (objects) with CurrentSiteManager() can do the job. But

    • it can have side effects; overriding the default manager is not recommended, so you need to test it (the first side effect is that you won't have a listing of all edits on all sites)
    • you must be sure that user A can't log in to site B's admin interface

    Another solution may be to create custom admins for each one of these websites. See the admin doc.

    But, just a question: if you don't want to let users edit content on each of these websites, do you still need to have a single interface to all these admin websites (for example, to let one person be able to edit content on all the sites)? If not, maybe the Sites framework is not the way to go, and you would be better off making each website independent and clearly separated.

    Another solution is to look at the permissions possibilities of Django, which let you define custom permissions for your views. I think (haven't tried it) it can also be used to protect admin views.

    I hope this can help.