Django object-based permission

Fanciful moment

Django's model-based permissions are not enough for real-world needs, so we need to work at the object level. How can we do that? Here is the solution.

Object-based permission

The Django framework checks model-based permissions first, then checks object-based permissions. So for an object-based permission to take effect, the user must also be given the matching model-based permission, either directly or through a permission group that includes it. Here is the sample code.

from django.contrib.auth.models import Group, Permission
from guardian.shortcuts import assign_perm

# user, instance, model_name and group_name are supplied by the caller
change_perm = Permission.objects.get(codename=f'change_{model_name}')
delete_perm = Permission.objects.get(codename=f'delete_{model_name}')
# get or create a group which includes the model-level permissions
group, created = Group.objects.get_or_create(name=f'{group_name}')
if created:
    group.permissions.set([change_perm, delete_perm])
    # or
    # group.permissions.add(change_perm)
    # group.permissions.add(delete_perm)
user.groups.add(group)
# assign object permissions
assign_perm(change_perm, user, instance)
assign_perm(delete_perm, user, instance)
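
The check order described above can leave object-level grants that never take effect. The following is an added example, not code from the original post: it models the two-stage check and lists such dead grants. `StubUser`, `two_stage_allowed`, `dead_object_grants` and the `blog.change_post` data are hypothetical names and constructed values; the stub only mimics the `has_perm(perm, obj=None)` call shape so the block runs without Django.

```python
from dataclasses import dataclass, field


@dataclass
class StubUser:
    """Constructed stand-in for a Django user; only has_perm() is modelled."""
    name: str
    model_perms: set = field(default_factory=set)   # held directly or via groups
    object_perms: set = field(default_factory=set)  # {(perm, object id)}

    def has_perm(self, perm, obj=None):
        # No obj: model-level answer. With obj: object-level answer only.
        if obj is None:
            return perm in self.model_perms
        return (perm, obj) in self.object_perms


def two_stage_allowed(user, perm, obj):
    """Model-level check first, object-level check second."""
    return user.has_perm(perm) and user.has_perm(perm, obj)


def dead_object_grants(grants):
    """Return object-level grants that can never take effect.

    `grants` is an iterable of (user, perm, obj) rows. A row is dead when the
    user holds the object permission but fails the model-level check that
    runs before it.
    """
    return [
        (user.name, perm, obj)
        for user, perm, obj in grants
        if user.has_perm(perm, obj) and not user.has_perm(perm)
    ]


# Constructed sample data; objects are represented by integer ids 1 and 2.
PERM = "blog.change_post"
alice = StubUser("alice", {PERM}, {(PERM, 1)})  # model-level (group) + object
bob = StubUser("bob", set(), {(PERM, 1)})       # object permission only
carol = StubUser("carol", {PERM}, set())        # model-level permission only
GRANTS = [(alice, PERM, 1), (bob, PERM, 1)]

if __name__ == "__main__":
    for u in (alice, bob, carol):
        print(u.name, two_stage_allowed(u, PERM, 1))
    print(dead_object_grants(GRANTS))
```

Only `alice` passes both stages for object 1; `bob`'s grant is reported as dead because the model-level permission is missing.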



https://r-future.github.io/post/object-level-permission-not-working/
Author: Future
Posted on: July 12, 2022