How to check current user's permissions from a Group in Django?

Asked 6/2, 2017 at 8:26 Answered 22/8, 2021 at 13:8

Solved django permissions django-users django-permissions

I have a group EuropartsBuyer and model named Product.

The following code adds a permission to the Product model.

class Meta:
        permissions = (
            ("can_add_cost_price", "Can add cost price"),
        )

In one of my views I have the following code to add this permission to that group.

europarts_buyer, created = Group.objects.get_or_create(name='EuropartsBuyer')
add_cost_price = Permission.objects.get(codename='can_add_cost_price')
europarts_buyer.permissions.add(add_cost_price)

With the help of Django Admin I have added a user to the group EuropartsBuyer.

When I use the following code in another view

if request.user.has_perm('can_add_cost_price'):
    do something

the result is supposed to be True but it is showing False. Thus, the code under the if clause doesn't run.

I have imported the currently logged in user in Django shell and when I test the permission again it shows False.

What am I doing wrong here?

Taratarabar answered 6/2, 2017 at 8:26 Comment(5)

Did you check if the request.user is a AnonymousUser instance? – Ity 6/2, 2017 at 8:38

@ThulasiRam Yes. I have to log in to access that particular view. – Taratarabar 6/2, 2017 at 8:50

That i get but If you use DRF and removed authentication classes although you are logged in..in the request the user will be Anonymous. So can you try printing request.user first before checking for permissions that way you can be sure. @Taratarabar – Ity 6/2, 2017 at 9:49

I did. The user is logged in. – Taratarabar 6/2, 2017 at 10:25

I forgot to use the app label. Now it's working. if request.user.has_perm('europarts.can_add_cost_price'). – Taratarabar 6/2, 2017 at 10:48

Try this:

if request.user.has_perm('app_name.can_add_cost_price'):

From the docs:

where each perm is in the format 'app_label.permission codename'

Broth answered 6/2, 2017 at 10:38 Comment(1)

The convention is now <app>.<action>_<modelname>. See realpython.com/manage-users-in-django-admin – Legist 7/4, 2022 at 0:22

-2

When you are working with permissions groups you don't need to check for each permission the user has. If the user is part of the permission group you created in the Django admin just change "YourGroupName" to the name your called your group when you created it

        {% ifequal user.groups.all.0.name "YourGroupName" %}
          <div>This is User</div>
        {% endifequal %}

Brubeck answered 22/8, 2021 at 13:8 Comment(1)

The zero limits you to check only one group. Also, the calculations in the view have been performed and you are checking too late if the server should perform something. Permissions are a way to even limit the server's overhead. – Nelrsa 2/7, 2022 at 8:58

Recommended topics

Hot tags