Fixing “Missing Admin Actions” in Django Templates: Context Flags and Caching Gotchas

on

Summary

You reset your Django admin password, can authenticate in the shell, yet in the front-end offer page the Edit/Delete/Promote buttons don’t appear—even for superusers. The root cause often isn’t authentication at all, but a combination of:

  1. A template flag (e.g., us) that isn’t set for admins.
  2. Aggressive page caching serving an anonymous version to logged-in users.

Symptoms

  • You can log in as superuser.
  • Server-side authenticate(...) returns the user.
  • In templates you conditionally show admin actions with: 
    {% if user_offer or us %}
    ... edit / delete buttons ...
{% endif %}
  • On the page, those buttons are missing for admin/staff.

Root Cause

1) Context flag not set

The front-end buttons rely on us or user_offer. If the view only sets: 

us = UserContact.objects.filter(user=request.user, contact=offer.contact).exists()

then admins/staff without that relation have us = False, so the buttons don’t render.

2) Full-page caching without cookie variance

With: 

@cache_page(settings.CACHE_MIDDLEWARE_SECONDS_LONG)
def viewoffer(...):

and no Vary: Cookie, the first anonymous response (without buttons) can be cached and wrongly reused for authenticated users.

Minimal Fix (Safe & Backwards-Compatible)

A) Adjust only the us flag in the view

user = request.user
is_auth = user.is_authenticated() if callable(getattr(user, 'is_authenticated', None)) else bool(getattr(user, 'is_authenticated', False))

if is_auth and (user.is_superuser or user.is_staff):
    us = True
else:
    owner_id = getattr(offer, 'owner_id', None) or getattr(getattr(offer, 'user', None), 'id', None)
    us = bool(is_auth and (
        owner_id == user.id or
        UserContact.objects.filter(user=user, contact=offer.contact).exists()
    ))

B) Make cache vary on cookies

from django.views.decorators.vary import vary_on_cookie

@vary_on_cookie
@cache_page(settings.CACHE_MIDDLEWARE_SECONDS_LONG)
def viewoffer(request, ...):
    ...

For high-trust admin UX, you can skip caching for authenticated users entirely and only cache for anonymous traffic.

Quick Verification Checklist

  • authenticate(username=..., password=...) returns a user.
  • ✅ Admin buttons render behind user_offer or us.
  • us is True for superusers/staff.
  • ✅ Response headers for /admin/login/ include Set-Cookie: csrftoken=.
  • ✅ With full-page cache: add @vary_on_cookie.
  • ✅ Clear page cache and test in incognito.

Preventing Recurrence

  • Keep authorization in the view: compute can_manage and pass it to the template.
  • Separate public vs. authenticated caching.
  • Add unit tests for visibility of management buttons.
  • Document context flags so future changes don’t break visibility.

Suggested SEO Title & Meta

Title: Django Admin Actions Not Showing? Fix Context Flags and Caching in Templates

Meta description: Admin buttons missing in your Django front-end? Learn how context flags and caching hide edit/delete controls—and the minimal, safe fix.

Targeted SEO Keywords (problem-specific)

  • django admin buttons not showing
  • django template conditional buttons
  • django context variable not set
  • django superuser not seeing edit delete
  • django cache_page missing buttons
  • django vary_on_cookie authentication
  • django frontend admin actions
  • django UserContact exists flag
  • django offer edit delete buttons
  • django page cached for anonymous users

Broader/Generic SEO Keywords

  • django authentication vs authorization
  • django caching best practices
  • django csrf cookie not set
  • django middleware order sessions csrf auth
  • django production settings https proxy
  • django permissions and roles
  • django view performance caching
  • django template best practices
  • django security headers x-frame-options
  • django admin customization front end

Comments

Post a Comment