How can I hide data for a superuser, when you deployed your application in Heroku or any cloud provider, you can see what others people posted in your application by visiting admin page via: www.example.com/admin. I don’t like superuser to be able see or change anything that is created from others people, I want those data to be hidden only for a superuser, but for those who created those data, I want them to see it and even editing it.
I’m trying to use: django-cryptography, but it wasn’t supported Django==4.1.5. How can I hide those data Specifically for a superuser
class PrimaryAlbum(models.Model):
name = models.CharField(max_length=100)
user = models.ForeignKey(User,
on_delete=models.CASCADE)
slug = models.SlugField(unique=True, max_length=100)
def save(self, *args, **kwargs):
self.slug = slugify(self.name)
super().save(*args, **kwargs)
def __str__(self):
return self.name
You do this by greatly restricting access to the superuser account. There should never be more than two people (possibly three in a sufficiently-large organization) having the password for that account.
The superuser account bypasses all authority tests within the admin - by design. It is your “account of last resort”.
The mistake is getting into the habit of routinely using that account, when in reality, other “is_staff” accounts should be created and used for normal purposes when access to the admin is required.
The other big mistake is assuming that the admin is something that you would ever voluntarily expose to an external entity.