How to Work User Level Permissions in Django?

Hi Dev,

In this tutorial we will go over the demonstration of how to work user-level permissions in django. we will help you to give example of django user-level permissions example. you will learn how to use permission in django. We will look at example of user permissions in django.

Describe the operation of Django's groups and permissions. Utilize Django's built-in permission system to its full potential.

Here i explained simply step by step example of django group permissions example.

User-level Permissions

Every time a new Django model is generated, add, edit, delete, and view permissions are automatically created by Django when django.contrib.auth is added to the INSTALLED APPS setting in the settings.py file.

In Django, permissions are named in the following order:

{app}.{action}_{model_name}

• app:is the name of the Django app the associated model resides in
• action:is add, change, delete, or view
• model_name:is name of the model in lowercase

Let's assume we have the following model in an app called "blog":

from django.db import models


class Post(models.Model):
    title = models.CharField(max_length=400)
    body = models.TextField()

By default, Django will create the following permissions:

1. blog.add_post
2. blog.change_post
3. blog.delete_post
4. blog.view_post

You can then check if a user (via a Django user object) has permissions with the has_perm() method:

from django.contrib.auth import get_user_model
from django.contrib.auth.models import User, Permission
from django.contrib.contenttypes.models import ContentType

from blog.models import Post

content_type = ContentType.objects.get_for_model(Post)
post_permission = Permission.objects.filter(content_type=content_type)
print([perm.codename for perm in post_permission])
# => ['add_post', 'change_post', 'delete_post', 'view_post']

user = User.objects.create_user(username="test", password="test", email="[email protected]")

# Check if the user has permissions already
print(user.has_perm("blog.view_post"))
# => False

# To add permissions
for perm in post_permission:
    user.user_permissions.add(perm)

print(user.has_perm("blog.view_post"))
# => False
# Why? This is because Django's permissions do not take
# effect until you allocate a new instance of the user.

user = get_user_model().objects.get(email="test@user.com")
print(user.has_perm("blog.view_post"))
# => True

Superusers will always have permission set to True even if the permission does not exist:

from django.contrib.auth.models import User

superuser = User.objects.create_superuser(
    username="super", password="test", email="[email protected]"
)

# Output will be true
print(superuser.has_perm("blog.view_post"))

# Output will be true even if the permission does not exists
print(superuser.has_perm("foo.add_bar"))

In Django, a user type with all system permissions is known as a superuser. Superusers have access to all rights, whether they were created by Django or custom permissions.

The only difference between a staff user and other users in your system is that staff users have access to the Django Admin interface. Only staff users and superusers have access to the Django Admin interface.

I hope it will help you....

Happy Coding!