views:

545

answers:

3

Is there a way to remove the "Add" functionality on the Django admin site? For certain entities, I only want the Django admin to be able to view them or change existing ones, but not add new ones.

+1  A: 

Sure, you can customize admin VERY granularly by following the instructions here -- I believe that what you want can be obtained in part by overriding ModelAdmin.save_model(self, request, obj, form, change) in your own ModelAdmin subclass, to ensure nothing happens on the store when change is false (i.e. an attempt to add rather than change), and in part by overriding ModelAdmin.add_view(self, request, form_url='', extra_context=None) to display an "add view" that makes it very clear to the admin that they're NOT going to be allowed to add object through this route. I haven't actually done the specific admin customization you require, but I've done others and they do seem to work pretty smoothly!

Alex Martelli
Thank you for the answer. I was hoping for a setting which would accomplish this, the way the save_as ModelAdmin property works.
I'm not aware of such settings in stock Django 1.0, but maybe there's some >1.0 and/or contrib hack to supply it -- stock 1.0.something is what I've stuck with so far (mostly because it runs fine on app engine, I confess;-).
Alex Martelli
This answer overcomplicates things. Removing the users Add Permission does the trick perfectly for the situation you've described. (That is assuming you only need to control it per model and not per instance.)
andybak
@andibak, the admin normally can edit users, and so in particular can change permissions, including their own. What's your plan for dealing with that, without subclassing ModelAdmin and thus essentially equaling the complications of what you claim is my overcomplicated answer?-)
Alex Martelli
@krys: Could you clarify whether the users in question could potentially need to administer user permissions as well? This is for posterity: Your initial question has already been answered by @alex, but others may come across this question and get some guidance from your response. Thanks!
anschauung
@Alex Martelli We have a different understanding of the original question. I didn't interprete that the reference to 'the Django admin' as meaning a specific superuser.
andybak
+3  A: 

You can customize the permission for each user group from within the admin interface: try going to /admin/auth/group and it should be straightforward from there.

This won't be as granular as the solution offered by the earlier answer, but it will take care of most of your needs without needing to customize the admin.

anschauung
But as the OP specifically wants to block *the admin* from doing certain things, as the question so clearly states, how is he going to block the admin from just undoing the permission changes (esp. if he does want to allow the admin to DO some administering;-)?
Alex Martelli
@Alex: This is true -- I meant my response as a simpler alternative to your response, but simplicity comes with limitations of course.
anschauung
+1  A: 

If you change the permissions to restrict access then you'll still get the plus sign by a FK/MtM field. Clicking that will open a popup window with 'Permission Denied' in it.

You can actually completely remove the plus sign by not simply not registering the model with the admin.

I have a situation where I have predefined categories that I want users to be able to select more than one of. The best way to do this is with a models.ManyToMany field. You can register the model with the admin, enter the data as required and then remove the registration.

Tim Fletcher