Since django 2.1, you can prevent editing, while allowing viewing, by returning False from the ModelAdmin‘s has_change_permission method, like this:
class CustomAdmin(admin.ModelAdmin):
def has_change_permission(self, request, obj=None):
return False
(This will not work before django 2.1, as it will also deny permission to any user trying only to view.)