Bird
Raised Fist0
Djangoframework~20 mins

Built-in permission system in Django - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Django Permissions Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What is the output of this Django permission check?
Consider a Django view where a user tries to access a resource. The code snippet below checks if the user has the permission 'app.view_resource'. What will be the output if the user does NOT have this permission?
Django
if request.user.has_perm('app.view_resource'):
    result = 'Access granted'
else:
    result = 'Access denied'
print(result)
AAccess granted
BAccess denied
CPermissionError exception raised
DFalse
Attempts:
2 left
💡 Hint
Remember that has_perm returns a boolean indicating if the user has the permission.
state_output
intermediate
2:00remaining
What is the value of user.get_all_permissions() after adding a group?
Given a user with no permissions initially, you add the user to a group that has the permission 'app.change_item'. What will user.get_all_permissions() return?
Django
group = Group.objects.create(name='Editors')
permission = Permission.objects.get(codename='change_item')
group.permissions.add(permission)
user.groups.add(group)
perms = user.get_all_permissions()
A{'app.change_item'}
B{'change_item'}
Cset()
D['app.change_item']
Attempts:
2 left
💡 Hint
get_all_permissions returns a set of strings in the format 'app_label.codename'.
📝 Syntax
advanced
2:00remaining
Which option correctly assigns a permission to a user?
You want to assign the permission 'app.delete_post' to a user instance. Which code snippet correctly does this?
Auser.user_permissions.add(Permission.objects.get(codename='delete_post'))
Buser.user_permissions.add(Permission('app.delete_post'))
Cuser.user_permissions.add('app.delete_post')
Duser.user_permissions.add('delete_post')
Attempts:
2 left
💡 Hint
user_permissions.add expects Permission model instances, not strings.
🔧 Debug
advanced
2:00remaining
Why does this permission check always fail?
A developer writes this code to check if a user has permission to add an object: if user.has_perm('app.add_model'): print('Can add') else: print('Cannot add') But it always prints 'Cannot add' even though the user has the permission assigned. What is the likely cause?
AThe user object is not authenticated, so has_perm always returns False.
BThe has_perm method requires the full permission name including the app label and model name separated by a dot, but 'app.add_model' is missing the app label.
CThe permission string should be 'app.add_models' plural, not singular.
DThe permission codename is incorrect; it should be 'add_modelname' with the exact model name in lowercase.
Attempts:
2 left
💡 Hint
Check the exact permission codename format Django uses.
🧠 Conceptual
expert
2:00remaining
Which statement about Django's built-in permission system is TRUE?
Select the correct statement about how Django's built-in permission system works.
ACustom permissions cannot be added to models without modifying Django's core code.
BPermissions are stored as strings and checked by comparing strings manually in views.
CDjango automatically creates add, change, delete, and view permissions for each model.
DPermissions are only assigned directly to users; groups do not affect permissions.
Attempts:
2 left
💡 Hint
Think about what Django does automatically when you create models.

Practice

(1/5)
1. What is the purpose of Django's built-in permission system?
easy
A. To control what actions users can perform in the application
B. To manage database migrations automatically
C. To style the user interface with CSS
D. To optimize query performance

Solution

  1. Step 1: Understand the role of permissions

    Django's permission system is designed to control user access and actions within the app.

  2. Step 2: Eliminate unrelated options

    Options about migrations, styling, and query optimization are unrelated to permissions.

  3. Final Answer:

    To control what actions users can perform in the application -> Option A

  4. Quick Check:

    Permission system controls user actions = D [OK]
Hint: Permissions control user actions, not database or styling [OK]
Common Mistakes:
  • Confusing permissions with database migrations
  • Thinking permissions handle UI styling
  • Assuming permissions optimize queries
2. Which of the following is the correct way to check if a user has a permission in Django?
easy
A. user.permission('app_label.permission_codename')
B. user.check_permission('app_label.permission_codename')
C. user.has_perm('app_label.permission_codename')
D. user.can('app_label.permission_codename')

Solution

  1. Step 1: Recall Django's permission check method

    The correct method to check permissions is has_perm on the user object.

  2. Step 2: Verify method names

    Other options like check_permission, permission, or can do not exist in Django's user model.

  3. Final Answer:

    user.has_perm('app_label.permission_codename') -> Option C

  4. Quick Check:

    Use has_perm() to check permissions = A [OK]
Hint: Remember: user.has_perm() is the official permission check [OK]
Common Mistakes:
  • Using incorrect method names like check_permission
  • Trying to call permission as a property
  • Assuming 'can' method exists on user
3. Given the following code snippet, what will be the output if the user has the permission 'blog.add_post'? 
if user.has_perm('blog.add_post'):
    print('Permission granted')
else:
    print('Permission denied')
medium
A. Permission granted
B. Error: has_perm method not found
C. Permission denied
D. No output

Solution

  1. Step 1: Understand the has_perm method behavior

    If the user has the permission 'blog.add_post', has_perm returns True.

  2. Step 2: Follow the if-else logic

    Since has_perm returns True, the code prints 'Permission granted'.

  3. Final Answer:

    Permission granted -> Option A

  4. Quick Check:

    has_perm True prints 'Permission granted' = C [OK]
Hint: True from has_perm means permission granted message [OK]
Common Mistakes:
  • Assuming has_perm returns False incorrectly
  • Expecting an error from has_perm method
  • Thinking no output occurs
4. Identify the error in this code snippet that checks user permissions: 
if user.has_perm('blog.add_post'):
print('Allowed')
else:
print('Denied')
medium
A. Incorrect permission codename format
B. Using print instead of return
C. has_perm method does not exist on user
D. Missing indentation inside if and else blocks

Solution

  1. Step 1: Check Python syntax rules for blocks

    Python requires indentation inside if and else blocks to define their scope.

  2. Step 2: Identify the missing indentation

    The print statements are not indented, causing a syntax error.

  3. Final Answer:

    Missing indentation inside if and else blocks -> Option D

  4. Quick Check:

    Python needs indentation in blocks = B [OK]
Hint: Always indent code inside if/else blocks in Python [OK]
Common Mistakes:
  • Ignoring indentation errors
  • Thinking permission codename format is wrong
  • Assuming has_perm method is missing
  • Confusing print with return in this context
5. You want to assign the permission 'polls.change_vote' to a group named 'Editors'. Which is the correct way to do this in Django?
hard
A. group = Group.objects.create(name='Editors') permission = Permission.objects.filter(codename='change_vote') group.add_permission(permission)
B. group = Group.objects.get(name='Editors') permission = Permission.objects.get(codename='change_vote', content_type__app_label='polls') group.permissions.add(permission)
C. group = Group.get(name='Editors') permission = Permission.get(codename='change_vote') group.permissions.append(permission)
D. group = Group.objects.get(name='Editors') permission = Permission.objects.get(name='change_vote') group.permissions.add(permission)

Solution

  1. Step 1: Retrieve the existing group and permission correctly

    Use Group.objects.get(name='Editors') to get the group. Use Permission.objects.get with codename and content_type__app_label to get the exact permission.

  2. Step 2: Add the permission to the group's permissions

    Use group.permissions.add(permission) to assign the permission.

  3. Final Answer:

    group = Group.objects.get(name='Editors') permission = Permission.objects.get(codename='change_vote', content_type__app_label='polls') group.permissions.add(permission) -> Option B

  4. Quick Check:

    Use get() and add() with correct filters = A [OK]
Hint: Use get() with codename and add() to assign permission [OK]
Common Mistakes:
  • Using create() instead of get() for existing group
  • Using filter() without get() for single permission
  • Wrong method names like add_permission or append
  • Using name instead of codename for permission lookup