How to implement a client admin in Django?

Question

I'm building a simple app, a sort of project/tasks manager where I can have several projects and several tasks that are assigned to one project.

I enabled Django admin for all this sort of tasks and it's working like a charm. Also, I have some users that have projects assigned to them. So what I want now is to enable a cut down version of the admin for those users, where:

• They can only manage/see tasks within their own project.
• They can only delete their own tasks
• some other minor restrictions.

What would be the best approach to this? Should I create another app with custom views and pages for client editing tasks or should I drop another admin instance and fine-tune it just for them?

I hope it was clear and not too subjective. Thanks.

Answer 1

+1 for custom app, hacking admin can take more time than just putting together your own admin from generic views.

Answer 2

I think that the best way to do this, either way, would be to somehow implement row-level permissions.
At the moment, the best solution for this is probably using the django-granular-permissions.

Like Dmitry I'm also for the custom app. Using generic views, modelforms et cetera will probably result in less work than modifying the admin app (which is not really made for hacking).

Also, if you keep an eye to the future, should the need for some more complex feature/restriction arise, you'll have less problems.