Skip to content

Commit

Permalink
Only show editable dashboards in admin changelist view. (#131)
Browse files Browse the repository at this point in the history
Thanks, Atul Varma
  • Loading branch information
toolness authored Jul 1, 2021
1 parent e82f8a6 commit 1fb3f15
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 0 deletions.
7 changes: 7 additions & 0 deletions django_sql_dashboard/admin.py
Original file line number Diff line number Diff line change
Expand Up @@ -62,3 +62,10 @@ def get_readonly_fields(self, request, obj):
if not request.user.is_superuser:
readonly_fields.append("owned_by")
return readonly_fields

def get_queryset(self, request):
if request.user.is_superuser:
# Superusers should be able to see all dashboards.
return super().get_queryset(request)
# Otherwise, show only the dashboards the user has edit access to.
return Dashboard.get_editable_by_user(request.user)
15 changes: 15 additions & 0 deletions django_sql_dashboard/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,21 @@ def user_can_edit(self, user):
return True
return False

@classmethod
def get_editable_by_user(cls, user):
allowed_policies = [cls.EditPolicies.LOGGEDIN]
if user.is_staff:
allowed_policies.append(cls.EditPolicies.STAFF)
if user.is_superuser:
allowed_policies.append(cls.EditPolicies.SUPERUSER)
return (
cls.objects.filter(
models.Q(owned_by=user)
| models.Q(edit_policy__in=allowed_policies)
| models.Q(view_policy=cls.EditPolicies.GROUP, edit_group__user=user)
)
).distinct()

@classmethod
def get_visible_to_user(cls, user):
allowed_policies = [cls.ViewPolicies.PUBLIC, cls.ViewPolicies.LOGGEDIN]
Expand Down

0 comments on commit 1fb3f15

Please sign in to comment.