CODEWITHSUNDEEP
pythondjangopermissionsrbac
openHBP
openHBP

Reputation: 691

Django group permission activate

If you have django.contrib.auth in your INSTALLED_APPS django will automatically create add, change, delete and view permissions to every model in your system (or any one you add later). These are stored in auth_permission.

In django doc, here is what we can read under Groups section: django.contrib.auth.models.Group models are a generic way of categorizing users so you can apply permissions, or some other label, to those users. A user can belong to any number of groups. A user in a group automatically has the permissions granted to that group. For example, if the group 'Site editors' has the permission can_edit_home_page, any user in that group will have that permission.

I've a group with no permission at all (call it NADA) and I've assign that group to a specific user (let's call him Pierre). Pierre can still connect and create, update, delete or view anything on my web interface.

How can I make it working? There's few or no doc on the web for native Django Permission.

I thought it was extremely simple to implement CRUD access to any model class!

Wrong?

Do I miss something?

Note: Working with Python3.6 and Django 2.1.3

Upvotes: 0

Views: 1585

Answers (1)

noor3240552
noor3240552

Reputation: 11

Django permissions are simple. As far as I understand your question, you are trying to create a user with no permission and he should not see any entries on the Django admin.

First thing is to make sure the user is not marked as "superuser", the superuser sees everything no matter which group they are added in.

If he is not a superuser and is still able to see the model then you should make sure he is not part of multiple groups. If a user is in multiple groups then a union of all permissions is what is applied to them. This link will give you more details on different flags for a user https://djangobook.com/users-groups-permissions/. Let me know if this helps.

Upvotes: 1

Related Questions