Home/ Questions/Q 6698561
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T06:35:32+00:00

I have several admin instances running on a site – one for each country,

  • 0

I have several admin instances running on a site – one for each country, that the site supports.

However, if a user logs into one admin, they are automatically able to access other instances.

I need to make the auth code aware of which admin the user has logged into and prevent access to other admin systems.

Any ideas how this can be done?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can use middleware to check for user permissions to access certain areas of admin site. Checkout this snippet. (You might want to know more about handling custom permissions in Django.)

    If you need something more universal, you can use the code example below. The idea is simple: it uses custom functions to find out about user permissions and to give an appropriate response:

    #coding: utf-8
# Note that RESTRICTED_URLS tuple takes three parameters: url regex, function to check
# whether user has certain permission, and a function to redirect the user to a certain 
# page if he doesn't have sufficient rights.
import re
from django.core.urlresolvers import reverse
from django.utils.translation import ugettext_lazy as _
from django.http import HttpResponseRedirect
from django.contrib import messages
from backend.models import Professional
from django.contrib.auth.decorators import permission_required

def calculate_forbidden_response(request, view_func,view_args,view_kwargs):
    if not request.user.is_authenticated():
        return permission_required('')(view_func)(request,*view_args,**view_kwargs)
    elif request.user.has_perm('backend.p_add_professional'):
        messages.error(request, _('You need permission Spam to enter this cabinet.'))
        return HttpResponseRedirect('/some_help_page_about_permissions.html')

def check_professional_permission(request):
    return request.user.has_perm('backend.p_access_professional_cabinet')

RESTRICTED_URLS = (
                    (r'/professional/(.*)$', check_professional_permission, calculate_forbidden_response),
                  )
RESTRICTED_URLS_EXCEPTIONS = ()

class CheckPermissionMiddleware(object):
    def __init__(self):
        self.restricted = tuple([(re.compile(url[0]), url[1], url[2]) for url in RESTRICTED_URLS])
        self.exceptions = tuple([re.compile(url) for url in RESTRICTED_URLS_EXCEPTIONS])

    def process_view(self,request,view_func,view_args,view_kwargs):
        if request.user.is_superuser:
            return None
        for path in self.exceptions:
            if path.match(request.path): return None
        for rule in self.restricted:
            url, permission = rule[0], rule[1]
            calculated_response = rule[2]
            if url.match(request.path):
                if not permission(request):
                    return calculated_response(request, view_func,view_args,view_kwargs)
                else:
                    return None
        return None
    • 0