What is Built-in permission system in Django?

Djangoframework~5 mins

Built-in permission system in Django

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Introduction

Django's built-in permission system helps control who can do what in your web app. It keeps your app safe and organized by managing user rights easily.

You want to let only certain users add or edit content.

You need to restrict access to parts of your website based on user roles.

You want to check if a user can delete or view specific data.

You want to create admin panels with different access levels.

You want to avoid writing custom code for user permissions.

Syntax

Django

from django.contrib.auth.models import Permission

# Check if a user has a permission
user.has_perm('app_label.permission_codename')

# Assign a permission to a user
user.user_permissions.add(permission)

# Remove a permission from a user
user.user_permissions.remove(permission)

Permissions are linked to models and have codenames like 'add_modelname', 'change_modelname', 'delete_modelname'.

Use 'app_label.permission_codename' format to check permissions.

Examples

Checks if the user can add a blog post.

Django

user.has_perm('blog.add_post')

Adds the permission to change posts to the user.

Django

from django.contrib.auth.models import Permission
perm = Permission.objects.get(codename='change_post')
user.user_permissions.add(perm)

Checks if the user can delete other users.

Django

user.has_perm('auth.delete_user')

Sample Program

This example creates a user named 'alice', gives her permission to add blog posts, and then checks if she has that permission.

Django

from django.contrib.auth.models import User, Permission

# Create a user
user = User.objects.create_user('alice', password='password123')

# Get permission to add posts
perm = Permission.objects.get(codename='add_post')

# Assign permission to user
user.user_permissions.add(perm)

# Check permission
can_add = user.has_perm('blog.add_post')

print(f"User can add post: {can_add}")

OutputSuccess

Important Notes

Permissions are automatically created for each model: add, change, delete.

Superusers have all permissions by default.

Use groups to assign permissions to many users easily.

Summary

Django's permission system controls user actions simply.

Use has_perm to check permissions.

Assign permissions directly or via groups.