How to check current user's permissions from a Group in Django?


Try this:

    if request.user.has_perm('app_name.can_add_cost_price'):

From the docs:

where each perm is in the format 'app_label.permission codename'
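
An added example (not part of the original answer, and not Django's own code): a guard that rejects a bare codename when the module is imported, so the mistake from the question surfaces as an error instead of a silent False. `validate_perm`, `requires`, `StandInUser` and `StandInRequest` are hypothetical names; the stand-ins replace Django's User and request objects so the block runs offline.

```python
import functools

class MalformedPermission(ValueError):
    """Permission string is not in 'app_label.codename' form."""

def validate_perm(perm):
    # has_perm() compares the whole string, so a bare codename never matches.
    app_label, dot, codename = perm.partition(".")
    if not (dot and app_label and codename):
        raise MalformedPermission(f"{perm!r} is not 'app_label.codename'")
    return perm

def requires(perm):
    """Hypothetical view guard: check the permission before the view does any work."""
    validate_perm(perm)  # runs when the decorated module is imported
    def decorator(view):
        @functools.wraps(view)
        def wrapper(request, *args, **kwargs):
            if not request.user.has_perm(perm):
                # In a Django project, raise django.core.exceptions.PermissionDenied.
                raise PermissionError(perm)
            return view(request, *args, **kwargs)
        return wrapper
    return decorator

class StandInUser:
    """Constructed stand-in for Django's User (assumption: offline demo only)."""
    def __init__(self, perms, is_active=True):
        self.perms, self.is_active = set(perms), is_active

    def has_perm(self, perm, obj=None):
        # Mimics Django's rule: exact match on the full 'app_label.codename' string.
        return self.is_active and perm in self.perms

class StandInRequest:
    def __init__(self, user):
        self.user = user

@requires("europarts.can_add_cost_price")
def add_cost_price(request):
    return "cost price saved"

# Constructed sample users: one holding the group permission, one without it.
buyer = StandInUser({"europarts.can_add_cost_price"})
outsider = StandInUser(set())
```

In a real project the same `requires` decorator works unchanged with Django's `request.user`, since it only calls `has_perm`.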


Author: MiniGunnR

Updated on August 23, 2021

Comments

  • MiniGunnR
    MiniGunnR almost 3 years

    I have a group EuropartsBuyer and model named Product.

    The following code adds a permission to the Product model.

    class Meta:
            permissions = (
                ("can_add_cost_price", "Can add cost price"),
            )
    

    In one of my views I have the following code to add this permission to that group.

    europarts_buyer, created = Group.objects.get_or_create(name='EuropartsBuyer')
    add_cost_price = Permission.objects.get(codename='can_add_cost_price')
    europarts_buyer.permissions.add(add_cost_price)
    

    With the help of Django Admin I have added a user to the group EuropartsBuyer.

    When I use the following code in another view

    if request.user.has_perm('can_add_cost_price'):
        do something
    

    the result is supposed to be True but it is showing False. Thus, the code under the if clause doesn't run.

    I have imported the currently logged in user in Django shell and when I test the permission again it shows False.

    What am I doing wrong here?

    • SomeTypeFoo
      SomeTypeFoo over 7 years
      Did you check if the request.user is an AnonymousUser instance?
    • MiniGunnR
      MiniGunnR over 7 years
      @ThulasiRam Yes. I have to log in to access that particular view.
    • SomeTypeFoo
      SomeTypeFoo over 7 years
      That I get, but if you use DRF and removed authentication classes, although you are logged in, in the request the user will be Anonymous. So can you try printing request.user first before checking for permissions? That way you can be sure. @MiniGunnR
    • MiniGunnR
      MiniGunnR over 7 years
      I did. The user is logged in.
    • MiniGunnR
      MiniGunnR over 7 years
      I forgot to use the app label. Now it's working. if request.user.has_perm('europarts.can_add_cost_price').
  • Anthony Petrillo
    Anthony Petrillo about 2 years
    The convention is now <app>.<action>_<modelname>. See realpython.com/manage-users-in-django-admin
  • NFSpeedy
    NFSpeedy almost 2 years
    The zero limits you to check only one group. Also, the calculations in the view have been performed and you are checking too late if the server should perform something. Permissions are a way to even limit the server's overhead.