How do I restrict access to admin pages in Django?

Issue

I need the Django admin interface to be accessible only for superusers and staff when in productions and show a 404 of all other types of users including when not logged in. Is this possible and how?

Solution

I ended up writing a middleware for it:

from django.core.urlresolvers import reverse
from django.http import Http404

class RestrictStaffToAdminMiddleware(object):
    """
    A middleware that restricts staff members access to administration panels.
    """
    def process_request(self, request):
        if request.path.startswith(reverse('admin:index')):
            if request.user.is_authenticated():
                if not request.user.is_staff:
                    raise Http404
            else:
                raise Http404

Answered By – ip.

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published