I’m a hacker, and I love to build stuff for the Web.
Sunday 17th May, 2009
Databrowse has to be one of the most underappreciated Django apps. It’s been included with Django since 1.0, and it’s really simple to use; just register some models to a site, point to that site from your URLconf and you get a fully-featured data browser for free. You can read the databrowse docs here, but there’s something they don’t mention which I think is really nifty.
Down at the bottom of that page, it recommends using the
decorator to restrict access to registered users, like so:
from django.conf.urls.defaults import * from django.contrib import databrowse from django.contrib.auth.decorators import login_required urlpatterns = patterns('', (r'^databrowse/(.*)$', login_required(databrowse.site.root)), (r'^login/$', 'django.contrib.auth.views.login'), )
But if you want to restrict access to staff (i.e. users who can access the admin), you’ll have to use another (undocumented) decorator instead.
from django.conf.urls.defaults import * from django.contrib import databrowse from django.contrib.admin.views.decorators import staff_member_required urlpatterns = patterns('', (r'^databrowse/(.*)$', staff_member_required(databrowse.site.root)), )
Only users with the
is_staff flag will be able to access databrowse now, and the login form presented is essentially that of the Django admin. Note that
django.contrib.admin must be in your
INSTALLED_APPS for this to work.