python – User rights over another user in django


How to make the type of users or group (say a teacher) can change information about a student (standard user) but only one field (avg_mark). And how to make a form for this on the site? student class example

class Student(AbstractBaseUser):
    personname = models.CharField(max_length=250)
    avr_mark = models.FloatField(default = 0.00)
    avatar = models.CharField(max_length=250)

Thanks in advance


1) Through the django admin panel, each user and group can be assigned rights to models, but not to fields. Therefore, if you need to give access to change one field, then make an additional AverageMark model, link it with the one_to_one field and give the teacher write access to this model:

class AverageMark(models.Model):
    avr_mark = models.FloatField(default = 0.00)

class Student(AbstractBaseUser):
    personname = models.CharField(max_length=250)
    avr_mark = models.OneToOneField(
    avatar = models.CharField(max_length=250)

If the task is not worth editing the student in the admin area, then you can leave your model as you did and display only the fields = ['avr_mark'] field for the form, see the example below.

2) Editing the form can be done – through the admin panel , through the class based view , through the creation of a simple form .
– if there are no requirements to create a separate form, then you can give access to the necessary models in the admin panel and edit there. On the student information page, make links as written in the documentation :

{% load admin_urls %}
<a href="{% url opts|admin_urlname:'add' %}">Добавить студента</a>
<a href="{% url opts|admin_urlname:'delete' %}">Удалить</a>

where opts is the name of the application and model (e.g. appname_student)

I used to do this:

<a href="{% url 'admin:index' %}">Перейти в администрирование сайта</a>
<a href="{% url 'admin:appname_student_add' %}">Добавить студента</a>
<a href="{% url 'admin:appname_student_change' %}">Редактировать</a>

Well, if you need to make the form separately from the admin panel, then in write:

from django.views.generic.edit import CreateView, UpdateView, DeleteView
from django.urls import reverse_lazy
from appname.models import Student

class StudentCreate(CreateView):
    model = Student
    fields = ['avr_mark']
    template_name = 'student_create.html'

class StudentUpdate(UpdateView):
    model = Student
    fields = ['avr_mark']

class StudentDelete(DeleteView):
    model = Student
    #success_url = reverse_lazy('student-list')

from django.urls import path
from myapp.views import StudentCreate, StudentUpdate, StudentDelete

urlpatterns = [
    # ...
    path('student/add/', StudentCreate.as_view(), name='student-add'),
    path('student/<int:pk>/', StudentUpdate.as_view(), name='student-update'),
    path('student/<int:pk>/delete/', StudentDelete.as_view(), student='author-delete'),

in student_create.html template

<form action="." method="post">
    {% csrf_token %}
    {{ form.as_p }}
    <input type="submit" value="Submit" />

What I wrote is an example. I wrote from memory, there may be mistakes.

Scroll to Top