Djangoframework~30 mins

Object-level permissions concept in Django - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Object-level permissions concept in Django

📖 Scenario: You are building a Django app where users can create and manage their own blog posts. You want to make sure that only the author of a post can edit or delete it. This is called object-level permission.

🎯 Goal: Build a simple Django model for blog posts and add a method to check if a user has permission to edit the post based on whether they are the author.

📋 What You'll Learn

Create a Django model called Post with fields title, content, and author (ForeignKey to User)

Add a boolean method can_edit(self, user) to Post that returns True if user is the author

Create a sample Post instance with a specific author

Check the permission method with a user instance

💡 Why This Matters

🌍 Real World

Object-level permissions are used in apps where users own data and should only modify their own content, like blogs, social media, or project management tools.

💼 Career

Understanding object-level permissions is important for backend developers to secure user data and implement proper access control in web applications.

Progress0 / 4 steps

Create the Post model

Create a Django model called Post with fields: title as a CharField with max length 100, content as a TextField, and author as a ForeignKey to User with on_delete=models.CASCADE.

Django

from django.db import models
from django.contrib.auth.models import User

# Define the Post model here

Need a hint?

Use models.CharField for title, models.TextField for content, and models.ForeignKey for author linking to User.

Add the permission method

Inside the Post model, add a method called can_edit(self, user) that returns True if the user is the same as the author of the post, otherwise False.

Django

from django.db import models
from django.contrib.auth.models import User

class Post(models.Model):
    title = models.CharField(max_length=100)
    content = models.TextField()
    author = models.ForeignKey(User, on_delete=models.CASCADE)

    # Add can_edit method here

Need a hint?

The method compares the user argument with self.author and returns the result.

Create a sample Post instance

Create a variable called author_user as an instance of User with username 'alice'. Then create a Post instance called post with title 'My First Post', content 'Hello world!', and author set to author_user.

Django

from django.db import models
from django.contrib.auth.models import User

class Post(models.Model):
    title = models.CharField(max_length=100)
    content = models.TextField()
    author = models.ForeignKey(User, on_delete=models.CASCADE)

    def can_edit(self, user):
        return user == self.author

# Create author_user and post instances here

Need a hint?

Create author_user with username 'alice' and then create post using that user as author.

Check edit permission for a user

Create a variable called can_edit_post that stores the result of calling post.can_edit(author_user) to check if author_user can edit the post.

Django

from django.db import models
from django.contrib.auth.models import User

class Post(models.Model):
    title = models.CharField(max_length=100)
    content = models.TextField()
    author = models.ForeignKey(User, on_delete=models.CASCADE)

    def can_edit(self, user):
        return user == self.author

author_user = User(username='alice')
post = Post(title='My First Post', content='Hello world!', author=author_user)

# Check if author_user can edit the post

Need a hint?

Call the can_edit method on post passing author_user and assign the result to can_edit_post.