I’m a hacker, and I love to build stuff for the Web.

 

Django Tip: Staff-only Access to Databrowse

Sunday 17th May, 2009

Databrowse has to be one of the most underappreciated Django apps. It’s been included with Django since 1.0, and it’s really simple to use; just register some models to a site, point to that site from your URLconf and you get a fully-featured data browser for free. You can read the databrowse docs here, but there’s something they don’t mention which I think is really nifty.

Down at the bottom of that page, it recommends using the login_required() decorator to restrict access to registered users, like so:

  from django.conf.urls.defaults import *
from django.contrib import databrowse
from django.contrib.auth.decorators import login_required

urlpatterns = patterns('',
    (r'^databrowse/(.*)$', login_required(databrowse.site.root)),
    (r'^login/$', 'django.contrib.auth.views.login'),
)

But if you want to restrict access to staff (i.e. users who can access the admin), you’ll have to use another (undocumented) decorator instead.

  from django.conf.urls.defaults import *
from django.contrib import databrowse
from django.contrib.admin.views.decorators import staff_member_required

urlpatterns = patterns('',
    (r'^databrowse/(.*)$', staff_member_required(databrowse.site.root)),
)

Only users with the is_staff flag will be able to access databrowse now, and the login form presented is essentially that of the Django admin. Note that django.contrib.admin must be in your INSTALLED_APPS for this to work.