Admin Extensions

synopsis

Admin Extensions

  • ForeignKeyAutocompleteAdmin - ForeignKeyAutocompleteAdmin will enable the admin app to show ForeignKey fields with an search input field. The search field is rendered by the ForeignKeySearchInput form widget and uses jQuery to do configurable autocompletion.

  • ForeignKeyAutocompleteStackedInline, ForeignKeyAutocompleteTabularInline - in the same fashion of the ForeignKeyAutocompleteAdmin these two classes enable a search input field for ForeignKey fields in AdminInline classes.

Depreciation

Django 2.0 now contains similar functionality as ForeignKeyAutocompleteAdmin therefore we are deprecating this extension and highly encouraging everyone to update to it.

This code will be removed in the near future when support for Django older then 2.0 is dropped.

More on this: https://docs.djangoproject.com/en/2.0/ref/contrib/admin/#django.contrib.admin.ModelAdmin.autocomplete_fields

Known Issues

  • SECURITY ISSUE: Autocompletion does not check permissions nor the requested models on the autocompletion view. This can be used by users with access to the admin to expose data from other models. Please be aware and careful when using ForeignKeyAutocompleteAdmin.

  • The current version of the ForeignKeyAutocompleteAdmin has issues with recent Django versions.

  • We strongly suggest project using this extension to update to Django 2.0 and use the native autocomplete_fields.

Example Usage

To enable the Admin Autocomplete you can follow this code example in your admin.py file:

from django.contrib import admin
from foo.models import Permission
from django_extensions.admin import ForeignKeyAutocompleteAdmin


class PermissionAdmin(ForeignKeyAutocompleteAdmin):
    # User is your FK attribute in your model
    # first_name and email are attributes to search for in the FK model
    related_search_fields = {
       'user': ('first_name', 'email'),
    }

    fields = ('user', 'avatar', 'is_active')

    ...

admin.site.register(Permission, PermissionAdmin)

If you are using django-reversion you should follow this code example:

from django.contrib import admin
from foo.models import MyVersionModel
from reversion.admin import VersionAdmin
from django_extensions.admin import ForeignKeyAutocompleteAdmin


class MyVersionModelAdmin(VersionAdmin, ForeignKeyAutocompleteAdmin):
    ...

admin.site.register(MyVersionModel, MyVersionModelAdmin)

If you need to limit the autocomplete search, you can override the get_related_filter method of the admin. For example if you want to allow non-superusers to attach attachments only to articles they own you can use:

class AttachmentAdmin(ForeignKeyAutocompleteAdmin):

    ...

    def get_related_filter(self, model, request):
        user = request.user
        if not issubclass(model, Article) or user.is_superuser():
            return super(AttachmentAdmin, self).get_related_filter(
                model, request
            )
        return Q(owner=user)

Note that this does not protect your application from malicious attempts to circumvent it (e.g. sending fabricated requests via cURL).