[Solved]-How to make Django admin site accessed by non-staff user?

4👍

I think that your approach should now be possible: http://code.djangoproject.com/ticket/14434 (closed 5 weeks ago)

However, the explicit “is_staff” check is still done in two places (apart from the staff_member_required decorator):

  • django.contrib.admin.forms.AdminAuthenticationForm.clean()

    On top of “has_permission()” you’d need to provide your non-staff AdminSite with a “login_form” that doesn’t do the is_staff check, so could just subclass and adjust clean() accordingly.

  • templates/admin/base.html

    would need to be slightly customized.
    The div with id “user-tools” is only shown for active staff members. I’m assuming that’s done because the login form also uses this template, and someone could be logged in as an active non-staff member but still should’nt see those links.

6👍

Here’s what worked for me with Django >= 3.2.

  • Create a subclass of AdminSite
  • Override the has_permission() method to remove the is_staff check.
  • Override the login_form to use AuthenticationForm.
    • AdminSite uses AdminAuthenticationForm, which extends AuthenticationForm and adds a check for is_staff.

Code

# PROJECT/APP/admin.py

from django.contrib.admin import AdminSite
from django.contrib.admin.forms import AuthenticationForm


class MyAdminSite(AdminSite):
    """
    App-specific admin site implementation
    """

    login_form = AuthenticationForm

    site_header = 'Todomon'

    def has_permission(self, request):
        """
        Checks if the current user has access.
        """
        return request.user.is_active


site = MyAdminSite(name='myadmin')

-1👍

What’s wrong with this approach? Any idea how to implement this feature?

What’s wrong with this approach is that permissions and groups can already provide you with what you need. There is no need to subclass AdminSite if all you need is to divide users.

This is probably why this feature is so poorly documented, IMHO

Leave a comment