Django Admin

Custom Django admin site and model admin classes for the dashboard app.

This module rebuilds the Django admin site with fine-grained, role-based access control. Instead of using Django’s default AdminSite, a RestrictedAdminSite instance is registered that enforces the following permission tiers across all registered models:

  • Superuser — full CRUD access to all models.

  • Staff / account admin — read and update/delete access to owned objects; no add permission.

  • Customer (authenticated) — read access to owned objects only.

  • Anonymous / unauthenticated — no access.

Module-level helpers

smarter_is_staff()

Returns True if the requesting user is a staff member or superuser.

smarter_has_ud_permission()

Returns True if the requesting user may update or delete the given object, based on ownership and account association.
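The tier list and the two helpers above can be checked as a permission matrix. The following is an added example, not the project's code: `User`, `Request`, `Record`, `is_staff`, `owns`, `has_ud_permission`, `CustomerTierPolicy` and `matrix` are hypothetical plain-Python stand-ins, and it assumes that "owned" means the object's `account_id` matches the user's, which this page does not specify.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class User:  # stand-in for request.user (hypothetical)
    account_id: Optional[int] = None
    is_authenticated: bool = False
    is_staff: bool = False
    is_superuser: bool = False

@dataclass
class Request:  # stand-in for the request object
    user: User

@dataclass
class Record:  # stand-in model instance; account_id is a constructed field
    account_id: int

def is_staff(request) -> bool:
    """Staff member or superuser."""
    u = request.user
    return u.is_authenticated and (u.is_staff or u.is_superuser)

def owns(request, obj) -> bool:
    """Assumed ownership rule: object and user share an account."""
    return obj is not None and obj.account_id == request.user.account_id

def has_ud_permission(request, obj=None) -> bool:
    """Update/delete: superusers always, staff only on owned objects."""
    if request.user.is_authenticated and request.user.is_superuser:
        return True
    # obj=None is the general question asked for list pages; a concrete
    # object must pass the ownership test.
    return is_staff(request) and (obj is None or owns(request, obj))

class CustomerTierPolicy:
    """Hook names and signatures as listed for SmarterCustomerModelAdmin."""
    def has_view_permission(self, request, obj=None):
        u = request.user
        return u.is_authenticated and (u.is_superuser or obj is None or owns(request, obj))
    def has_add_permission(self, request, obj=None):
        return request.user.is_authenticated and request.user.is_superuser
    def has_change_permission(self, request, obj=None):
        return has_ud_permission(request, obj)
    def has_delete_permission(self, request, obj=None):
        return has_ud_permission(request, obj)

def matrix(policy, request, obj=None):
    """(view, add, change, delete) decisions for one request."""
    return tuple(getattr(policy, f"has_{a}_permission")(request, obj) for a in ("view", "add", "change", "delete"))
```

Because the hooks answer the `obj=None` question without an ownership test, a real `ModelAdmin` built this way also has to narrow `get_queryset()` to owned rows; Django passes a concrete object only on the detail, change and delete views.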

Model admin classes

SmarterCustomerModelAdmin

Grants authenticated customers read access to their own objects; restricts add/change/delete to owners and superusers.

SmarterStaffOnlyModelAdmin

Restricts all operations to staff members and superusers.

SmarterSuperUserOnlyModelAdmin

Restricts all operations to superusers only.

Admin site

RestrictedAdminSite

Custom AdminSite that dynamically updates the console header with the current user’s role and version string.

smarter_restricted_admin_site

The singleton RestrictedAdminSite instance used throughout the project (name="restricted_admin_site").

Registered models

class smarter.apps.dashboard.admin.EmailContactListAdmin(model, admin_site)

Bases: SmarterStaffOnlyModelAdmin

Custom admin for the EmailContactList model.

list_display = ['email', 'created_at', 'updated_at']

property media

ordering = ('-created_at',)

class smarter.apps.dashboard.admin.RestrictedAdminSite(name='admin')

Bases: AdminSite

Custom admin site that restricts access to certain apps and models and modifies the admin console header title.

each_context(request)

Return a dictionary of variables to put in the template context for every page in the admin site.

For sites running on a subpath, use the SCRIPT_NAME value if site_url hasn’t been customized.

has_all_permission(request)

role: str = 'customer'

site_header = 'Smarter Admin Console v0.14.2 (customer)'

class smarter.apps.dashboard.admin.SmarterCustomerModelAdmin(model, admin_site)

Bases: ModelAdmin

Customized Django Admin console model class that provides access to customers.

has_add_permission(request, obj=None)

Override the default add permission logic to implement role-based access control for the admin console. Add permission is granted to superusers only.

Return type:

bool

has_change_permission(request, obj=None)

Override the default change permission logic to implement role-based access control for the admin console. Change permission is granted based on the user’s role and ownership of the object.

Return type:

bool

has_delete_permission(request, obj=None)

Override the default delete permission logic to implement role-based access control for the admin console. Delete permission is granted based on the user’s role and ownership of the object.

Return type:

bool

has_module_permission(request)

Return True if the given request has any permission in the given app label.

Can be overridden by the user in subclasses. In such case it should return True if the given request has permission to view the module on the admin index page and access the module’s index page. Overriding it does not restrict access to the add, change or delete views. Use ModelAdmin.has_(add|change|delete)_permission for that.

Return type:

bool

has_view_permission(request, obj=None)

Override the default view permission logic to implement role-based access control for the admin console. View permission is effectively granted to anyone who is authenticated, barring cases where obj is passed.

property media

class smarter.apps.dashboard.admin.SmarterStaffOnlyModelAdmin(model, admin_site)

Bases: ModelAdmin

Customized Django Admin console model class that restricts access to the model and prevents adding new instances of the model.

has_add_permission(request, obj=None)

Override the default add permission logic to restrict access to superusers only.

Return type:

bool

has_change_permission(request, obj=None)

Override the default change permission logic to restrict access to staff users and superusers only.

Return type:

bool

has_delete_permission(request, obj=None)

Override the default delete permission logic to restrict access to staff users and superusers only.

Return type:

bool

has_module_permission(request)

Override the default module permission logic to restrict access to staff users and superusers only.

Return type:

bool

has_view_permission(request, obj=None)

Override the default view permission logic to restrict access to staff users and superusers only.

property media

class smarter.apps.dashboard.admin.SmarterSuperUserOnlyModelAdmin(model, admin_site)

Bases: ModelAdmin

Customized Django Admin console model class that restricts module access to superusers only.

has_add_permission(request, obj=None)

Override the default add permission logic to restrict access to superusers only.

Return type:

bool

has_change_permission(request, obj=None)

Override the default change permission logic to restrict access to superusers only.

Return type:

bool

has_delete_permission(request, obj=None)

Override the default delete permission logic to restrict access to superusers only.

Return type:

bool

has_module_permission(request)

Override the default module permission logic to restrict access to superusers only.

Return type:

bool

has_view_permission(request, obj=None)

Override the default view permission logic to restrict access to superusers only.

property media

smarter.apps.dashboard.admin.smarter_has_ud_permission(request, obj=None)

Helper method to determine if the user has permission to Update or Delete (UD) an object based on ownership and account association.

Parameters:

  • request – ASGIRequest object containing user information

  • obj – The object for which update/delete permission is being checked (optional)

Returns:

True if the user has update/delete permission for the object, False otherwise

Return type:

bool

smarter.apps.dashboard.admin.smarter_is_staff(request)

Helper method to determine if the user is a staff member.

Parameters:

  • request – ASGIRequest object containing user information

Returns:

True if the user is a staff member, False otherwise

Return type:

bool