django django-ckeditor django-filebrowser

How to disable browse server option for non admin while uploading image in django-ckeditor?


I have a blog on Django on which any member of the public can post. In the post content I am using django-ckeditor's RichTextUploadingField.

There is a Browse server button for images in ckeditor that lets users browse images in the server's upload directory and embed them in a post.

But I want to restrict the public from browsing images on the server when they make a post. They should be able to upload images only, not browse every image that is uploaded on the server.

Here is my models.py


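from ckeditor_uploader.fields import RichTextUploadingField
from django.contrib.auth.models import User
from django.db import models


class Article(models.Model):
    title = models.CharField(max_length=200)
    # Rich-text field whose editor offers image upload and "Browse server"
    content = RichTextUploadingField()
    author = models.ForeignKey(User, on_delete=models.CASCADE, null=True)

    def __str__(self):
        return self.title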

Forms.py


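from ckeditor_uploader.widgets import CKEditorUploadingWidget
from django.forms import ModelForm

from .models import Article


class ArticleForm(ModelForm):
    class Meta:
        model = Article
        # ModelForm requires an explicit field list; author is left out here
        fields = ['title', 'content']
        widgets = {
            # widgets takes a widget instance, not a model field
            'content': CKEditorUploadingWidget()
        }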


Solution

  • A direct setting to remove this functionality isn't provided, but CKEDITOR_RESTRICT_BY_USER = True could be used to achieve the same. Reference from the documentation:

    Set the CKEDITOR_RESTRICT_BY_USER setting to True in the project's settings.py file (default False). This restricts access to uploaded images to the uploading user (e.g. each user only sees and uploads their own images). Upload paths are prefixed by the string returned by get_username. If CKEDITOR_RESTRICT_BY_USER is set to a string, the named property is used instead. Superusers can still see all images. NOTE: This restriction is only enforced within the CKEditor media browser.
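
The behaviour the quoted documentation describes, as an added example that is neither django-ckeditor's code nor part of the original answer: a simplified, framework-free model of the per-user upload prefix and of what the media browser lists. The `User` class, `UPLOAD_ROOT`, the helper names and the stored files are constructed for illustration, and the model covers only the browser listing, which is where the documentation says the restriction is enforced.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

UPLOAD_ROOT = PurePosixPath("uploads")  # constructed stand-in for the upload directory


@dataclass
class User:  # hypothetical minimal user object, not django.contrib.auth's User
    username: str
    is_superuser: bool = False
    email: str = ""

    def get_username(self):
        return self.username


def user_prefix(user, restrict_by_user):
    """Directory prefix the documentation describes for this user's uploads."""
    if not restrict_by_user:
        return ""  # default (False): everything shares one directory
    if isinstance(restrict_by_user, str):
        # String setting: the named property replaces get_username()
        return str(getattr(user, restrict_by_user))
    return user.get_username()


def upload_path(user, filename, restrict_by_user):
    return UPLOAD_ROOT / user_prefix(user, restrict_by_user) / filename


def browsable(user, stored_files, restrict_by_user):
    """Paths the media browser would list for `user` under the setting."""
    if not restrict_by_user or user.is_superuser:
        visible = stored_files  # unrestricted, or superuser: sees all images
    else:
        own_dir = UPLOAD_ROOT / user_prefix(user, restrict_by_user)
        # Match whole path components so user "al" never matches "alice/..."
        visible = [f for f in stored_files if own_dir in f.parents]
    return [str(f) for f in sorted(visible)]


# Constructed sample data: three users who each uploaded one image.
alice, al, root = User("alice"), User("al"), User("root", is_superuser=True)
STORED = [upload_path(u, n, True)
          for u, n in [(alice, "cat.png"), (al, "dog.png"), (root, "logo.png")]]

if __name__ == "__main__":
    for who in (alice, al, root):
        print(who.username, "restricted ->", browsable(who, STORED, True))
    print("alice unrestricted ->", browsable(alice, STORED, False))
```

With the setting on, the public poster in the question would still see a Browse server listing, but only of their own uploads; with it off, every poster sees every upload.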