Setting Django admin permissions programmatically

Question

The Django site I'm working on has the possibility for users to sign up for an account. To provide them with some editing functionality, I use the built-in Django admin. However, I'm having a problem: After a user has signed up, they don't have any permissions inside the Django admin, not even view permissions. Thus my question: How do I, in code, assign admin permissions to the user for the relevant models, in the same way I can assign them manually in the "User Permissions" section when editing the user in the admin? I've already tried with the usual has_xxx_permissions() using custom ModelAdmin classes, but that didn't work. So my guess is that I overlooked something obvious. Any ideas?

Answer 1

I'll answer your question exactly since I found this question with Google. I'll show what I'm doing in Django 1.9 with groups, then show how to do it to a user.

from django.contrib.auth.models import Group, Permission group, __ = Group.objects.get_or_create(name='my_group')

permissions = Permission.objects.all()
for p in permissions:
    group.permissions.add(p)
group.save()

It's pretty easy to adapt to user:

from django.contrib.auth.models import Permission
permissions = Permission.objects.all()
for p in permissions:
    youruser.user_permissions.add(p)
youruser.save()

I prefer group because you may be adding permissions in the future and can just add to group instead of re-doing all users.

Answer 2

https://docs.djangoproject.com/en/dev/topics/auth/default/#permissions-and-authorization

new_user.user_permissions.add(permission1, permission2, etc...)

Answer 3

As of Django 1.6:

Every User has a many-to-many field user_permissions to Permission - you can add permissions to this:

your_user.user_permissions.add(permission)

v1.6 Docs:

• Django.contrib.auth API (shows User, Group and Permission objects)
• Auth default permissions (shows how to clear, add, remove)

Answer 4

dgel's answer pointed me in the direction which lead to a working solution for me. Essentially, what he seems to be suggesting is:

1. Retrieve a ContentType for the model you want to set permissions for. In this context, a content type is an object that holds information about a Django model.
2. Create a Permission object consisting of the content type and the action you want to allow inside the admin, using Permission.objects.get(). The only difficulty here is figuring out the codename parameter, which, for admin permissions, consists of an action ("add", "change" or "delete"), an underscore, and the model name. So if you have a model called Foo and you want to create all permissions for it, you'll need 3 permissions, each with the content type of your Foo model plus the code names add_foo, change_foo, and delete_foo.
3. Assign these permissions using user.user_permissions.add(permission).

Head over to dgel's answers for code examples. Looking at a data dump of the auth app (manage.py dumpdata auth) of an existing Django database provided me with insights into the inner workings of permissions, too.

Answer 5

For your purposes, it would probably be much more easy and and efficient to assign all new users to a particular group, and then give that group all the permissions the user needs. Any member of the group will inherit those permissions as well.

You can create the group and assign the permissions to it in the admin. Then, you just need to add something like the following to your registration code.

try:
    group = Group.objects.get(name='The User Group')
except Group.DoesNotExist:
    # group should exist, but this is just for safety's sake, it case the improbable should happen
    pass
else:
    user.groups.add(group)