How to Work User Level Permissions in Django?
In this tutorial we will go over the demonstration of how to work user-level permissions in django. we will help you to give example of django user-level permissions example. you will learn how to use permission in django. We will look at example of user permissions in django.
Describe the operation of Django's groups and permissions. Utilize Django's built-in permission system to its full potential.
Here i explained simply step by step example of django group permissions example.
Every time a new Django model is generated, add, edit, delete, and view permissions are automatically created by Django when django.contrib.auth is added to the INSTALLED APPS setting in the settings.py file.
In Django, permissions are named in the following order:
- app:is the name of the Django app the associated model resides in
- action:is add, change, delete, or view
- model_name:is name of the model in lowercase
Let's assume we have the following model in an app called "blog":
from django.db import models class Post(models.Model): title = models.CharField(max_length=400) body = models.TextField()
By default, Django will create the following permissions:
You can then check if a user (via a Django user object) has permissions with the has_perm() method:
from django.contrib.auth import get_user_model from django.contrib.auth.models import User, Permission from django.contrib.contenttypes.models import ContentType from blog.models import Post content_type = ContentType.objects.get_for_model(Post) post_permission = Permission.objects.filter(content_type=content_type) print([perm.codename for perm in post_permission]) # => ['add_post', 'change_post', 'delete_post', 'view_post'] user = User.objects.create_user(username="test", password="test", email="[email protected]") # Check if the user has permissions already print(user.has_perm("blog.view_post")) # => False # To add permissions for perm in post_permission: user.user_permissions.add(perm) print(user.has_perm("blog.view_post")) # => False # Why? This is because Django's permissions do not take # effect until you allocate a new instance of the user. user = get_user_model().objects.get(email="email@example.com") print(user.has_perm("blog.view_post")) # => True
Superusers will always have permission set to True even if the permission does not exist:
from django.contrib.auth.models import User superuser = User.objects.create_superuser( username="super", password="test", email="[email protected]" ) # Output will be true print(superuser.has_perm("blog.view_post")) # Output will be true even if the permission does not exists print(superuser.has_perm("foo.add_bar"))
In Django, a user type with all system permissions is known as a superuser. Superusers have access to all rights, whether they were created by Django or custom permissions.
The only difference between a staff user and other users in your system is that staff users have access to the Django Admin interface. Only staff users and superusers have access to the Django Admin interface.
I hope it will help you....
How to Delete Folder and Files Recursively in Python?