Setting Django admin permissions programmatically

Question

The Django site I'm working on has the possibility for users to sign up for an account. To provide them with some editing functionality, I use the built-in Django admin. However, I'm having a problem: After a user has signed up, they don't have any permissions inside the Django admin, not even view permissions. Thus my question: How do I, in code, assign admin permissions to the user for the relevant models, in the same way I can assign them manually in the "User Permissions" section when editing the user in the admin? I've already tried with the usual has_xxx_permissions() using custom ModelAdmin classes, but that didn't work. So my guess is that I overlooked something obvious. Any ideas?

Relevant answers [here](http://stackoverflow.com/questions/10131271/invalid-literal-error-when-adding-a-user-permission-to-a-django-user-object/10131510#10131510) and [here](http://stackoverflow.com/questions/10252332/how-to-add-permissions-in-django-to-models-and-test-it-using-the-shell/10252613#10252613). — dgel, Jun 01 '12 at 15:33

score 9 · Answer 1 · edited Jul 29 '15 at 17:06

9

https://docs.djangoproject.com/en/dev/topics/auth/default/#permissions-and-authorization

new_user.user_permissions.add(permission1, permission2, etc...)

edited Jul 29 '15 at 17:06

lampslave

1,431
1
15
20

answered Jun 01 '12 at 15:34

dm03514

54,664
18
108
145

1

Only `user.user_permissions.add()` worked for me. Django 1.4 raised `AttributeError: 'User' object has no attribute 'permissions'` if I tried just ``user.permissions.add()``. – tar May 15 '14 at 03:08

Chris Pratt · Answer 2 · 2012-06-01T18:26:39.760

5

For your purposes, it would probably be much more easy and and efficient to assign all new users to a particular group, and then give that group all the permissions the user needs. Any member of the group will inherit those permissions as well.

You can create the group and assign the permissions to it in the admin. Then, you just need to add something like the following to your registration code.

try:
    group = Group.objects.get(name='The User Group')
except Group.DoesNotExist:
    # group should exist, but this is just for safety's sake, it case the improbable should happen
    pass
else:
    user.groups.add(group)

edited Jun 01 '12 at 18:26

answered Jun 01 '12 at 15:50

Chris Pratt

232,153
36
385
444

I suppose it could be done this way, but applying the permissions directly to the users seems "nicer" to me (okay, probably just a matter of taste). But I'll keep this in mind for other use cases. – Timo Jun 02 '12 at 16:04
@Timo I'm exactly the same; even though in theory a group is more elegant, it's another thing to make sure is in place. I think when I need to do this sort of thing more I'll switch to groups, but for now I'm going to stick with direct perms. – Rob Grant Sep 10 '14 at 10:33
Actually, dgel's code samples (linked to [below](http://stackoverflow.com/a/10863809/61938)) changed my mind. Groups it is! – Rob Grant Sep 10 '14 at 10:36

score 3 · Answer 3 · edited May 23 '17 at 10:29

dgel's answer pointed me in the direction which lead to a working solution for me. Essentially, what he seems to be suggesting is:

Retrieve a ContentType for the model you want to set permissions for. In this context, a content type is an object that holds information about a Django model.
Create a Permission object consisting of the content type and the action you want to allow inside the admin, using Permission.objects.get(). The only difficulty here is figuring out the codename parameter, which, for admin permissions, consists of an action ("add", "change" or "delete"), an underscore, and the model name. So if you have a model called Foo and you want to create all permissions for it, you'll need 3 permissions, each with the content type of your Foo model plus the code names add_foo, change_foo, and delete_foo.
Assign these permissions using user.user_permissions.add(permission).

Head over to dgel's answers for code examples. Looking at a data dump of the auth app (manage.py dumpdata auth) of an existing Django database provided me with insights into the inner workings of permissions, too.

score 2 · Answer 4 · answered Jan 10 '17 at 16:16

I'll answer your question exactly since I found this question with Google. I'll show what I'm doing in Django 1.9 with groups, then show how to do it to a user.

from django.contrib.auth.models import Group, Permission group, __ = Group.objects.get_or_create(name='my_group')

permissions = Permission.objects.all()
for p in permissions:
    group.permissions.add(p)
group.save()

It's pretty easy to adapt to user:

from django.contrib.auth.models import Permission
permissions = Permission.objects.all()
for p in permissions:
    youruser.user_permissions.add(p)
youruser.save()

I prefer group because you may be adding permissions in the future and can just add to group instead of re-doing all users.

is `youruser.save()` or `group.save()` necessary? This is a m2m link - and group.permissions.add(p) should be everything you need. no `save()` necessary IMHO. — nerdoc, Oct 21 '22 at 19:59

score 1 · Answer 5 · answered Feb 05 '14 at 16:12

As of Django 1.6:

Every User has a many-to-many field user_permissions to Permission - you can add permissions to this:

your_user.user_permissions.add(permission)

v1.6 Docs:

Django.contrib.auth API (shows User, Group and Permission objects)
Auth default permissions (shows how to clear, add, remove)

Setting Django admin permissions programmatically

5 Answers5