Home » Django » Readonly models in Django admin interface?

Readonly models in Django admin interface?

Posted by: admin November 30, 2017 Leave a comment

Questions:

How can I make a model completely read-only in the admin interface? It’s for a kind of log table, where I’m using the admin features to search, sort, filter etc, but there is no need to modify the log.

In case this looks like a duplicate, here’s not what I’m trying to do:

  • I’m not looking for readonly fields (even making every field readonly would still let you create new records)
  • I’m not looking to create a readonly user: every user should be readonly.
Answers:

See https://djangosnippets.org/snippets/10539/

class ReadOnlyAdminMixin(object):
    """Disables all editing capabilities."""
    change_form_template = "admin/view.html"

    def __init__(self, *args, **kwargs):
        super(ReadOnlyAdminMixin, self).__init__(*args, **kwargs)
        self.readonly_fields = self.model._meta.get_all_field_names()

    def get_actions(self, request):
        actions = super(ReadOnlyAdminMixin, self).get_actions(request)
        del actions["delete_selected"]
        return actions

    def has_add_permission(self, request):
        return False

    def has_delete_permission(self, request, obj=None):
        return False

    def save_model(self, request, obj, form, change):
        pass

    def delete_model(self, request, obj):
        pass

    def save_related(self, request, form, formsets, change):
        pass

templates/admin/view.html

{% extends "admin/change_form.html" %}
{% load i18n %}

{% block submit_buttons_bottom %}
  <div class="submit-row">
    <a href="../">{% blocktrans %}Back to list{% endblocktrans %}</a>
  </div>
{% endblock %}

templates/admin/view.html (for Grappelli)

{% extends "admin/change_form.html" %}
{% load i18n %}

{% block submit_buttons_bottom %}
  <footer class="grp-module grp-submit-row grp-fixed-footer">
    <header style="display:none"><h1>{% trans "submit options"|capfirst context "heading" %}</h1></header>
    <ul>
       <li><a href="../" class="grp-button grp-default">{% blocktrans %}Back to list{% endblocktrans %}</a></li>
    </ul>
  </footer>
{% endblock %}

Questions:
Answers:

The admin is for editing, not just viewing (you won’t find a “view” permission). In order to achieve what you want you’ll have to forbid adding, deleting, and make all fields readonly:

class MyAdmin(ModelAdmin):

    def has_add_permission(self, request, obj=None):
        return False

    def has_delete_permission(self, request, obj=None):
        return False

(if you forbid changing you won’t even get to see the objects)

For some untested code that tries to automate setting all fields read-only see my answer to Whole model as read-only

EDIT: also untested but just had a look at my LogEntryAdmin and it has

readonly_fields = MyModel._meta.get_all_field_names()

Don’t know if that will work in all cases.

EDIT: QuerySet.delete() may still bulk delete objects. To get around this, provide your own “objects” manager and corresponding QuerySet subclass which doesn’t delete – see Overriding QuerySet.delete() in Django

Questions:
Answers:

Here are two classes I am using to make a model and/or it’s inlines read only.

For model admin:

from django.contrib import admin

class ReadOnlyAdmin(admin.ModelAdmin):
    readonly_fields = []

    def get_readonly_fields(self, request, obj=None):
        return list(self.readonly_fields) + \
               [field.name for field in obj._meta.fields] + \
               [field.name for field in obj._meta.many_to_many]


    def has_add_permission(self, request):
        return False

    def has_delete_permission(self, request, obj=None):
        return False

class MyModelAdmin(ReadOnlyAdmin):
    pass

For inlines:

class ReadOnlyTabularInline(admin.TabularInline):
    extra = 0
    can_delete = False
    editable_fields = []
    readonly_fields = []
    exclude = []

    def get_readonly_fields(self, request, obj=None):
        return list(self.readonly_fields) + \
               [field.name for field in self.model._meta.fields
                if field.name not in self.editable_fields and
                   field.name not in self.exclude]

    def has_add_permission(self, request):
        return False


class MyInline(ReadOnlyTabularInline):
    pass

Questions:
Answers:

If you want the user become aware that he/she cannot edit it, 2 pieces are missing on the first solution. You have remove the delete action!

class MyAdmin(ModelAdmin)
    def has_add_permission(self, request, obj=None):
        return False
    def has_delete_permission(self, request, obj=None):
        return False

    def get_actions(self, request):
        actions = super(MyAdmin, self).get_actions(request)
        if 'delete_selected' in actions:
            del actions['delete_selected']
        return actions

Second: the readonly solution works fine on plain models. But it does NOT work if you have an inherited model with foreign keys. Unfortunately, I don’t know the solution for that yet. A good attempt is:

Whole model as read-only

But it does not work for me either.

And a final note, if you want to think on a broad solution, you have to enforce that each inline has to be readonly too.

Questions:
Answers:

If the accepted answer doesn’t work for you, try this:

def get_readonly_fields(self, request, obj=None):
    readonly_fields = []
    for field in self.model._meta.fields:
        readonly_fields.append(field.name)

    return readonly_fields

Questions:
Answers:

Actually you can try this simple solution:

class ReadOnlyModelAdmin(admin.ModelAdmin):
    actions = None
    list_display_links = None
    # more stuff here

    def has_add_permission(self, request):
        return False
  • actions = None: avoids showing the dropdown with the “Delete selected …” option
  • list_display_links = None: avoids clicking in columns to edit that object
  • has_add_permission() returning False avoids creating new objects for that model
Questions:
Answers:

The accepted answer should work, but this will also preserve the display order of the readonly fields. You also don’t have to hardcode the model with this solution.

class ReadonlyAdmin(admin.ModelAdmin):
   def __init__(self, model, admin_site):
      super(ReadonlyAdmin, self).__init__(model, admin_site)
      self.readonly_fields = [field.name for field in filter(lambda f: not f.auto_created, model._meta.fields)]

   def has_delete_permission(self, request, obj=None):
       return False
   def has_add_permission(self, request, obj=None):
       return False

Questions:
Answers:

Compiling @darklow and @josir ‘s excellent answers, plus adding a bit more to remove “Save” and “Save and Continue” buttons leads to (in Python 3 syntax):

class ReadOnlyAdmin(admin.ModelAdmin):
    """Provides a read-only view of a model in Django admin."""
    readonly_fields = []

    def change_view(self, request, object_id, extra_context=None):
        """ customize add/edit form to remove save / save and continue """
        extra_context = extra_context or {}
        extra_context['show_save_and_continue'] = False
        extra_context['show_save'] = False
        return super().change_view(request, object_id, extra_context=extra_context)

    def get_actions(self, request):
        actions = super().get_actions(request)
        if 'delete_selected' in actions:
            del actions['delete_selected']
        return actions

    def get_readonly_fields(self, request, obj=None):
        return list(self.readonly_fields) + \
           [field.name for field in obj._meta.fields] + \
           [field.name for field in obj._meta.many_to_many]

    def has_add_permission(self, request):
        return False

    def has_delete_permission(self, request, obj=None):
        return False

and then you use like

class MyModelAdmin(ReadOnlyAdmin):
    pass

I’ve only tried this with Django 1.11 / Python 3.

Questions:
Answers:

I ran into the same requirement when needing to make all fields readonly for certain users in django admin ended up leveraging on django module “django-admin-view-permission” without rolling my own code. If you need more fine grained control to explicitly define which fields then you would need to extend the module. You can check out the plugin in action here