Django: Using The Permission System

I was surprised at how little information I found on making use of Django’s permission system. Here are some quick notes on one way to use it:

Groups are groups of users. For example, you could define a group of users who have premium accounts, or have been verified in some way, or are somehow special:


from django.contrib.auth.models import Group, Permission
special_users = Group(name='Special Users')
special_users.save()
really_special_users = Group(name='Super Special Users')
really_special_users.save()

Now you have two groups defined and can define permissions for them. Django associates permissions with models (note: not model instances, but models). You’ll need to select a model to apply the permissions to, and do a small dance with “ContentType” to find that model’s content type:


from django.contrib.contenttypes.models import ContentType
somemodel_ct = ContentType.objects.get(app_label='myapp', model='somemodel')

can_view = Permission(name='Can View', codename='can_view_something',
                       content_type=somemodel_ct)
can_view.save()

can_modify = Permission(name='Can Modify', codename='can_modify_something',
                       content_type=somemodel_ct)
can_modify.save()

You’ve now defined two permissions and can associate them with your Groups:


special_users.permissions.add(can_view)
really_special_users.permissions.add(can_view, can_modify)

Our groups and their associated permissions are ready to go. Now we just have to associate these permissions with users:


from django.contrib.auth.models import User

jack = User.objects.get(email='[email protected]')
jack.groups.add(special_users)

jill = User.objects.get(email='[email protected]')
jill.groups.add(really_special_users)

We’re all done. Now we can check the users’ permissions:


>>> jack.has_perm('myapp.can_view_something')
True
>>> jack.has_perm('myapp.can_modify_something')
False

>>> jill.has_perm('myapp.can_view_something')
True
>>> jill.has_perm('myapp.can_modify_something')
True

And to use it in your templates:


{% if perms.myapp.can_view_something %}
Here is something for you to see.
{% else %}
Can't show you!
{% endif %}

11 Comments so far

  1. vijay on April 26th, 2010

    Excellent explanation….. thank u sooooo much….

  2. benjamin on January 2nd, 2011

    The question:
    Could you please advise on where to create groups (models.py maybe)?

    The website scenario:
    I have several levels of groups with each its own special permissions, and I would like to make it persistent like the models. And when I will create new users (I use my own sign up view and template) I will add them to the right group.

    Thanks.

  3. Parand on January 3rd, 2011

    benjamin, my approach is to use get_or_create in a module named groups.py:

    premium, _ = Group.objects.get_or_create(name='account_premium')

    That way I can “import groups” and get access to “groups.premium”.

    Not sure if that’s the best way to do it, but it’s worked for me.

  4. Jason on January 7th, 2011

    So I have been researching permissions frameworks for some time now and it seems like most if not all of them are based around the idea of permissions being applied to models or specific object instances.

    What I am looking for is a way to restrict access to certain pages based on user/group. I have done it currently in a kludgy way by just assigning permissions to a random model in my system but it seems inelegant since the permission to view a specific page does not necessarily have to do with that model or any model in my system.

    Maybe I don’t understand the permissions system or how it’s supposed to be used to restrict access on a per page level. I guess I could also create a new model specifically for per-view permissions but that also seems awkward.

    Any advice would be great :)

  5. Edgar on April 10th, 2011

    thank you for guiding the methods of Group/Permission framework

  6. [...] Adding to my earlier post on the django permission system: [...]

  7. milad on July 12th, 2011

    Hi

    How do I add a view permission behind the add, delete, edit permissions in Django core?
    I want to add this permission for all of my models, not only for one model. I know about class Meta for it, but I want to use it for all models.

    Thanks a lot…

  8. rasadacrea on August 30th, 2011

    Interesting post on django permissions, very helpful, thank you

  9. Danilo on September 6th, 2011

    Parand, your approach with using the groups.py file is fantastic. Much better than my approach with using a fixture :) Thanks.

    Jason, see http://bradmontgomery.blogspot.com/2009/04/restricting-access-by-group-in-django.html

  10. Fahad Yousuf on December 4th, 2011

    I can’t thank you enough. This should be reposted in the official docs or the wiki or at least somewhere closer to the django website. Once again, awesome of you to take the time to write this.

  11. Crims0n on December 18th, 2011

    Thanks a lot. It was very helpful
