22

in django by default when syncdb is run with django.contrib.auth installed, it creates default permissions on each model... like foo.can_change , foo.can_delete and foo.can_add. To add custom permissions to models one can add class Meta: under the model and define permissions there, as explained here https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#custom-permissions

My question is that what should I do if I want to add a custom permission to the User model? like foo.can_view. I could do this with the following snippet,

ct = ContentType.objects.get(app_label='auth', model='user')
perm = Permission.objects.create(codename='can_view', name='Can View Users', 
                                  content_type=ct)
perm.save()

But I want something that plays nicely with syncdb, for example the class Meta under my custom models. Should I just have these in class Meta: under UserProfile since that is the way to extend the user model. but is that the RIGHT way to do it? Wouldn't that tie it to UserProfile model?

Klaas van Schelven
  • 2,374
  • 1
  • 21
  • 35
gsin
  • 413
  • 2
  • 4
  • 8

5 Answers5

9

You could do something like this:

in the __init__.py of your Django app add:

from django.db.models.signals import post_syncdb
from django.contrib.contenttypes.models import ContentType
from django.contrib.auth import models as auth_models
from django.contrib.auth.models import Permission

# custom user related permissions
def add_user_permissions(sender, **kwargs):
    ct = ContentType.objects.get(app_label='auth', model='user')
    perm, created = Permission.objects.get_or_create(codename='can_view', name='Can View Users', content_type=ct)
post_syncdb.connect(add_user_permissions, sender=auth_models)
Dzejkob
  • 2,302
  • 2
  • 15
  • 20
  • 1
    Putting in an `__init__.py` and connecting to `post_syncdb` is probably a good idea, but the code above didn't work for me. I have to use `ContentType.objects.get_for_model(model=auth_models.User)`. Otherwise, it worked. – brianmearns Dec 12 '13 at 20:22
  • post_syncdb doesn't seem to be a signal anymore – Ren Mar 13 '20 at 18:09
  • Use the `defaults` dict to pass `name` to `get_or_create`, like this: `defaults={'name': 'Can View Users'}`. [More info](https://stackoverflow.com/a/76240003/456550) – Christian Long May 12 '23 at 21:25
5

I don't think there is a "right" answer here, but i used the exact same code as you except i changed Permission.objects.create to Permission.objects.get_or_create and that worked find to sync with syncdb

leech
  • 8,293
  • 7
  • 62
  • 78
2

An updated answer for Django 1.8. The signal pre_migrate is used instead of pre_syncdb, since syncdb is deprecated and the docs recommend using pre_migrate instead of post_migrate if the signal will alter the database. Also, @receiver is used to connect add_user_permissions to the signal.

from django.db.models.signals import pre_migrate
from django.contrib.contenttypes.models import ContentType
from django.contrib.auth import models as auth_models
from django.contrib.auth.models import Permission
from django.conf import settings
from django.dispatch import receiver


# custom user related permissions
@receiver(pre_migrate, sender=auth_models)
def add_user_permissions(sender, **kwargs):
    content_type = ContentType.objects.get_for_model(settings.AUTH_USER_MODEL)
    Permission.objects.get_or_create(codename='view_user', name='View user', content_type=content_type)
mcastle
  • 2,882
  • 3
  • 25
  • 43
  • 3
    May i ask in which file do i have to put this code? I though it was to be set in models as in earlier version of Django but I'm not sure... – softwareplay Mar 03 '16 at 16:12
  • @mcastle I put this in `__init__.py` but the "DoesNotExist: ContentType matching query does not exist." error is still coming – Gobi Dasu Jan 03 '17 at 06:28
  • I'm not sure your `sender` argument is correct, it should be an app instance, e.g. ``` from django.apps import apps sender = apps.get_app_config('auth') ``` – Andre Miras May 14 '19 at 10:34
1

This is a bit hacky but mentioning it here anyway for reference.

My site has a generic model called Setting, which stores various settings concerning the site I want certain users to be able to edit, without needing to go through me the developer (like registration limit, or an address, or the cost of items, etc).

All the permissions that don't nicely map onto other models (eg "Send Password Reminder Email to Student", "Generate Payment Reconciliation Report", "Generate PDF Receipt"), which really just relate to pages that get viewed in the admin area, get dumped onto this Setting model.

For example, here's the model:

class Setting(models.Model):
    name = models.CharField(max_length=50, unique=True)
    slug = models.SlugField(editable=False)
    description = models.TextField()
    value = models.TextField()
    class Meta:
        #for permissions that don't really relate to a particular model, and I don't want to programmatically create them.
        permissions = (
            ("password_reminder", "Send Password Reminder"),
            ("generate_payment_reconciliation_report", "Generate Payment Reconciliation Report"),
            ("generate_pdf_receipt", "Generate PDF Receipt"),
        )

Do each of those settings strictly relate to the Setting model? No, which is why I said this is a bit hacky. But it is nice that I can now just dump all those permissions here, and Django's migration commands will take care of the rest.

thespacecamel
  • 912
  • 11
  • 14
0

As @leech pointed out in a comment on their answer, you can't pass the name parameter to get_or_create directly. You have to include name as part of the defaults dict. Otherwise you'll get duplicate key errors.

Change the get_or_create call from @Dzejkob's answer to make it look like this:

perm, created = Permission.objects.get_or_create(
    content_type=ct,
    codename='can_view', 
    defaults={'name': 'Can View Users'},
)
Christian Long
  • 10,385
  • 6
  • 60
  • 58