Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add custom permissions to allow/prevent user from exporting data #608

Closed
mick88 opened this issue Jun 16, 2017 · 7 comments
Closed

Add custom permissions to allow/prevent user from exporting data #608

mick88 opened this issue Jun 16, 2017 · 7 comments
Labels
stale Stale bot

Comments

@mick88
Copy link

mick88 commented Jun 16, 2017

I propose adding a per-model permission that would control which users can export data. Import should already be controlled by "create" permission, but at the moment there's no mechanic in place to prevent the user from exporting all data to a file.
@beruic
Copy link
Contributor

beruic commented Jun 22, 2017

How about edit?

@mick88
Copy link
Author

mick88 commented Jun 22, 2017

Sorry, can you be more specific with your response?

@beruic
Copy link
Contributor

beruic commented Jun 23, 2017

Yes, sorry. how about the change (not edit, sorry) permission. Won't that do the job?

@mick88
Copy link
Author

mick88 commented Jun 25, 2017

No, it controls whether user can edit the object. Export is much too different. Anyway, I think I will implement this as it's a requirement on my project, and submit a PR.

@Javieracost
Copy link

Javieracost commented Jul 2, 2017
edited

Hey there, I had a similar case where I needed to control which users were allowed to import data. One solution to this is to override the modelAdmin's changelist_view method (which has access to the request object) to pass the necessary information to the extra_context dict . Then you can point the change_list_template attribute to a template where you can render the import/export buttons only if the required conditions are met.

{% extends 'admin/import_export/change_list.html' %}
{% block object-tools-items %}
	{% if import_allowed %}
		{% comment %}
			Should probably be 
			{% include "admin/import_export/change_list_import_item.html" %}
			but doesnt add the right class to the button so I do it myself
		{% endcomment %}
		<a class="btn" href='{% url opts|admin_urlname:"import" %}'>{% trans "Import" %}</a>
	{% endif %}
	{{ block.super }}
{% endblock %}

Anyway, it'd be so much better to have has_(import|export)_permission methods to implement on the modelAdmin instead!

@mick88 mick88 mentioned this issue Jan 10, 2018
Closed
@mick88
Copy link
Author

mick88 commented Jan 10, 2018

Sorry, I forgot about this issue. I implemented permissions a while ago on my fork. The implementation does not just hide the export button, but also checks permission when exporting.

@fatanugraha fatanugraha mentioned this issue Jul 12, 2018
Merged
bmihelac pushed a commit that referenced this issue Jul 20, 2018
@fatanugraha @bmihelac
Add Import Export Permissioning #608 (#804)
e633f9d 
* Add safeguard permission to admin

* remove button if not authorized

* Add Author

* fix tests

* add more tests

* Update docs
@xuhuiding0612 xuhuiding0612 mentioned this issue Aug 15, 2018
Closed
@stale
Copy link

stale bot commented Feb 11, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale Stale bot label Feb 11, 2019
@stale stale bot closed this as completed Feb 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale Stale bot
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@beruic @Javieracost @mick88