Let's suppose I have a Foo app with a Bar model with a owner field. I want a user to be able to edit all the instances for which obj.owner == request.user.
The model appears correctly in the admin panel for superusers and for users for which I have explicitly assigned the permission change_bar or add_bar, as explained here <https://docs.djangoproject.com/en/dev/topics/auth/default/#topic-authorization> : Assuming you have an application with an app_label foo and a model named Bar, to test for basic permissions you should use: add: user.has_perm('foo.add_bar') change: user.has_perm('foo.change_bar') delete: user.has_perm('foo.delete_bar') How can I show the model Bar in the admin index list without explicitly assigning foo.change_bar or foo.add_bar to the user? So far I tried the following, expecting the Bar model to appear in the index list page, but it didn't work. class BarAdmin(admin.ModelAdmin): def get_queryset(self, request): qs = super(BarAdmin, self).get_queryset(request) if request.user.is_superuser: return qs return qs.filter(owner=request.user) def has_add_permission(self, request): return True def has_change_permission(self, request, obj=None): if obj is None: return True if obj.owner == request.user: return True return False def has_delete_permission(self, request, obj=None): if obj is None: return True if obj.owner == request.user: return True return False def has_module_permission(self, request): return True Accessing the link admin/foo/bar/ works correctly for every user and returns the list of Bar instances for which obj.owner == request.user. admin/foo/bar/add allows the user to add a new object correctly. These links are although not displayed in the admin index page: which is the function that triggers the appearance of the model in the index page? admin/foo/ returns 403 Forbidden. I'm using Django 1.7 Thanks, Andrea -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAAPQ7Y2%2B_XOKAh%2Bq9CQsrK%3DS3O6YX6xgdw%2BGd_5eqRw9yRgJAw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
