Looking for wagtail modeladmin PermissionHelper example

1.2k views Asked by At

In "wagtail_hooks.py" I have the code below. As wagtail admin I can see the StudentModelAdmin, but as a user with restricted access to the admin interface I can't.

I would like to allow users with wagtail admin access and the specific permission below to access the student model admin. How do I go about creating the "CourseRegisterPermission" class?

from wagtail.contrib.modeladmin.options import (ModelAdmin, modeladmin_register)
from wagtail.wagtailcore import hooks
from .models import Participant

@hooks.register('register_permissions')
def view_course_registrations():
    return Permission.objects.filter(codename="view_course_registrations")


class CourseRegisterPermission(PermissionHelper):
    # how do I allow users with the permission to view course registrations 
    # to see the 'StudentModelAdmin" below?


class StudentModelAdmin(ModelAdmin):
    model = Participant
    menu_label = "Student Registrations"
    menu_icon = "group"
    search_fields = ('name', 'supervisor_name')
    list_display = ('name', 'email')
    list_filter = ('course',)
    permission_helper_class = CourseRegisterPermission

I tried to find some examples of wagtail PermissionHelper but wasn't able to find any.

Any hint would be appreciated!

2

There are 2 answers

1
m1kola On BEST ANSWER

You can use the wagtail.contrib.modeladmin.helpers.PermissionHelper or wagtail.contrib.modeladmin.helpers.PagePermissionHelper permission helper classes from Wagtail's sources as an example. See methods like user_can_list, user_can_create, etc.

But... Are you sure that you need to define your own permission helper class? It seems to me that you can just create a new (or edit existing) group in the Wagtail admin and give required object permissions to your Participant model.

On my screenshot Programme is the model that I manage using ModelAdmin.

enter image description here

0
Hatim On

You can override some functions inside CourseRegisterPermission


class CourseRegisterPermission(PermissionHelper):

    def user_can_list(self, user):
        """
        Return a boolean to indicate whether `user` is permitted to access the
        list view for self.model
        """
        # this is just an example
        return user.role == "driver" 



    def user_can_delete_obj(self, user, obj):
        """
        Return a boolean to indicate whether `user` is permitted to 'delete'
        a specific `self.model` instance.
        """
        perm_codename = self.get_perm_codename('delete')

        if obj.status > 0:
            return False

        if not self.user_has_specific_permission(user, perm_codename):
            return False

        if user.id == obj.id:
            # users may not delete themselves
            return False



You can also override the following functions:

  • def user_can_list(self, user):
  • def user_can_create(self, user):
  • def user_can_inspect_obj(self, user, obj):
  • def user_can_edit_obj(self, user, obj):
  • def user_can_delete_obj(self, user, obj):
  • def user_can_unpublish_obj(self, user, obj):
  • def user_can_copy_obj(self, user, obj):