Auth Permissions in Django

Question

I want to set permissions to a user group in Django. I noticed that Django provides the inbuilt functionality of setting the permissions to a user group. Basically, what I need is to provide some features to a user group and then inherit those features to its users.

I've some permissions in the auth_permissions table, I want to use that permissions and apply it to the user's group and thereby to the user. Currently, I'm logging it onto the webpage developed, and want a specific section from a webpage to be disabled to specific user group.

It's like this:-

Super-Admin-----> User Groups ----> Users

Basically, what I've doing till now is just building a webpage. Now I want to set the permissions for a particular user group, Add users to a user group , edit , delete etc. I noticed Django has proovided the permissions functionality automatically by adding, changinging,deleteing for every model. As of right now, I was just making users, not the user groups. So, my question is How do I make a user group and apply permissions onto it. Also, add users to a user group. The properties of the user group should be inherited to its users

I'm not sure I follow you. Permissions are automatically derived from group membership for the admin, and if you use the appropriate calls if you want to test for a permission in your own views. — Peter DeGlopper, Dec 23 '13 at 04:38
Basically, what I've doing till now is just building a webpage. Now I want to set the permissions for a particular user group, Add users to a user group , edit , delete etc. I noticed Django has proovided the permissions functionality automatically by adding, changinging,deleteing for every model. As of right now, I was just making `users`, not the user groups. So, my question is How do I make a user group and apply permissions onto it. Also, add users to a user group. The properties of the user group should be inherited to its users — Praful Bagai, Dec 23 '13 at 04:43
The `group` model in the default `auth` app (the same app that defines the default `user` model) does this. If you have enabled the default admin, any superuser account can create and edit such groups using the admin. Or you could do it in a shell but that's a lot more typing. So can any account with the create and change permissions for `auth_group` but that's something of a chicken or the egg situation - I usually just use the admin as a superuser. — Peter DeGlopper, Dec 23 '13 at 04:50
Can you please route me to a tutorial ehich has all this. Thanks. — Praful Bagai, Dec 23 '13 at 04:51
I'll have to see what I can dig up. Are you using the admin currently? — Peter DeGlopper, Dec 23 '13 at 04:56
No. I hardly use the admin. I've just enabled the admin just for viewing purpose. As in, I as a company is the `super-user`, the users(company names) that I create will be under me, ie under user-groups. Then there will be some sub-user-groups under each user-group(company) and finally the users under the sub-user's group. — Praful Bagai, Dec 23 '13 at 04:59
Hmm. For that kind of design the built in groups model isn't quite right - it doesn't represent nested membership. You'd probably have to modify the models or find a different structure to manage permissions. — Peter DeGlopper, Dec 23 '13 at 05:10
Sorry, I put the wrong info forward. I apologize. I consulted my colleague and he clarified the thought. There are user groups and users under that user group. The user's can be admin's or normal users. So, now I think my requirement is same like the django inbuilt groups and permissions. So, how would I go about it. I viewed http://stackoverflow.com/questions/10131271/invalid-literal-error-when-adding-a-user-permission-to-a-django-user-object/10131510#10131510 thread and understood, but I still need more clarification on it. Can you please provide a demo or just route me to a link. Thanks — Praful Bagai, Dec 23 '13 at 05:25

score 2 · Accepted Answer · edited May 23 '17 at 10:25

2

Based on your updated comment, I think the built in Django auth groups are an excellent way to meet your requirements.

The simplest way to create a group and set its permissions is to use the built-in admin system. See this link for an applicable screenshot: https://docs.djangoproject.com/en/dev/intro/tutorial02/#enter-the-admin-site The actual tutorial goes down a different path than you'll follow, but the bits about logging in as a superuser and then the screenshot are useful.

Note in that screenshot that there's a link to view and a link to add groups. If you add a group, you'll be given the opportunity to set its name and to set the model-level create/edit/delete permissions for that group. In the Users admin, you can edit specific users and assign them to groups. If you want them to be able to use the admin, you'll need to set their is_staff flag as well; if you plan to check for permissions in your views that's not necessary.

This answer shows some of the ways you can set permissions for a group using manage.py shell: User groups and permissions Personally, I think the admin is easier for a beginner, but it's good to have a sense of what's going on behind the scenes.

edited May 23 '17 at 10:25

Community

1
1

answered Dec 23 '13 at 06:02

Peter DeGlopper

36,326
7
90
83

I must say it's a very useful answer. Thanks. ne question. How will I add user groups and map users to the group without using admin module.? – Praful Bagai Dec 23 '13 at 06:28
I'm viewing http://stackoverflow.com/questions/12393726/user-groups-and-permissions thread. here in the first solution, the permissions are first created and then applied to a group, but in my case permissions are already there in the Django built in permission table. How do I map those permission to a group of users of a specific user. – Praful Bagai Dec 23 '13 at 06:33
I got that as well. Thanks. Can I revert you back, if I need some help?? Thanks. – Praful Bagai Dec 23 '13 at 06:37
My time to answer is not always predictable, but I'll see comments at some point. – Peter DeGlopper Dec 23 '13 at 06:39

score 1 · Answer 2 · answered Dec 23 '13 at 04:54

1

I have some alternate way, as per my assumption you can divide the page into different block as per your user permission group and use decorator function to validate user if user have required permission then the block will show.

answered Dec 23 '13 at 04:54

Raghu

41
4

You're not exactly wrong - decorators on views are a good way to check for permissions - but I think the OP is still working on how to set permissions rather than how to test for them. – Peter DeGlopper Dec 23 '13 at 05:00
I've read somewhere about this as well,and I understand what you're saying but what do you mean by dividing your page into different blocks? – Praful Bagai Dec 23 '13 at 05:01
first you have to return a flag from view depend on user type then based on this view show the block on template.Block in the sense on the template put multiple if else based on user flag – Raghu Dec 23 '13 at 08:51

Auth Permissions in Django

2 Answers2