Djangoframework~10 mins

Built-in permission system in Django - Step-by-Step Execution

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Concept Flow - Built-in permission system

Define Model

↓

Django auto-creates permissions

↓

Assign permissions to Users/Groups

↓

Check permissions in views/templates

↓

Allow or deny access based on permission

Django creates default permissions for each model, which you assign to users or groups. Then you check these permissions to control access.

Execution Sample

Django

from django.contrib.auth.models import User
user = User.objects.get(username='alice')
if user.has_perm('app.view_model'):
    print('Access granted')
else:
    print('Access denied')

This code checks if user 'alice' has the permission to view a model in 'app'.

Execution Table

Step	Action	Evaluation	Result
1	Get user 'alice'	User object fetched	user = User object
2	Check permission 'app.view_model'	user.has_perm('app.view_model')	True or False
3	If True	Print 'Access granted'	Output: Access granted
4	If False	Print 'Access denied'	Output: Access denied

💡 Permission check ends with either access granted or denied message

Variable Tracker

Variable	Start	After Step 1	After Step 2	Final
user	None	User object for 'alice'	User object for 'alice'	User object for 'alice'
permission_check	None	None	True or False	True or False
output	None	None	None	'Access granted' or 'Access denied'

Key Moments - 3 Insights

Why does Django create permissions automatically for models?

How does user.has_perm('app.view_model') know if permission is granted?

What happens if the user does not have the permission?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution table, what is the value of 'permission_check' after Step 2?

AAlways True

BTrue or False depending on user permissions

CUser object

DNone

Concept Snapshot

Django creates default permissions (add, change, delete, view) for each model.
Assign these permissions to users or groups.
Use user.has_perm('app.permission_codename') to check permissions.
Control access in views or templates based on these checks.
If permission is missing, deny access gracefully.

Full Transcript

Django's built-in permission system automatically creates four permissions for each model: add, change, delete, and view. These permissions can be assigned to users or groups to control what actions they can perform. In code, you retrieve a user object and check if they have a specific permission using user.has_perm('app.permission_codename'). Depending on the result, you allow or deny access, for example by printing 'Access granted' or 'Access denied'. This system helps keep your app secure by controlling access based on assigned permissions.