User Groups with Custom Permissions in Django

You must have come across trip-booking services with different plans and packages, or gym plans with different subscription levels. In each case there is a list of products, and which of them you get depends on the package you subscribe to from the company. The general idea is a level-wise distribution of the different products.

Let's take a tour subscription package sold over the internet, with different offers/plans/packages like:

1. Starter Plan: In this package you get non-AC bus travel and a 1-day stay in a non-AC room only. Let's say the trip is to Haridwar (a religious place in Uttarakhand).

2. Golden Plan: It is somewhat costlier than the Starter Plan. In this plan you get a 2-day stay in a non-AC room, travel in an AC bus, and the trip covers Haridwar, Rishikesh and Mussoorie.

3. Diamond Plan: This is the most costly plan. You get a 3-day plan with an AC bus and an AC room stay, along with the trip to Haridwar, Rishikesh and Mussoorie and also a trip to a water park.

Well, I just tried to give you a very simple example. Now our main objective is to design and write the code for its back-end in a very efficient way (following the DRY principle).

There are multiple ways of implementing this in Django, but the most suitable and efficient one is to group the users and define the permissions of these groups. A user in a particular group automatically inherits the permissions of that group. But first let's define the User model.

Create a Django application 'users', then in the models.py file under the 'users' app directory write this code.

from django.contrib.auth.models import AbstractUser
from django.db import models
from django.utils import timezone
from django.utils.translation import gettext_lazy as _


# Requires AUTH_USER_MODEL = 'users.User' in settings.py
class User(AbstractUser):
    """Define the extra fields related to User here"""
    first_name = models.CharField(_('First Name of User'), blank=True, max_length=20)
    last_name = models.CharField(_('Last Name of User'), blank=True, max_length=20)
    # --- Some more User fields according to your need ---

    # This is the most important part: define the custom
    # permissions related to User here. Codenames must be unique per model.
    class Meta:
        permissions = (
            ("can_go_in_non_ac_bus", "To provide non-AC Bus facility"),
            ("can_go_in_ac_bus", "To provide AC-Bus facility"),
            ("can_stay_ac-room", "To provide staying at AC room"),
            ("can_stay_non_ac-room", "To provide staying at Non-AC room"),
            ("can_go_dehradoon", "Trip to Dehradoon"),
            ("can_go_mussoorie", "Trip to Mussoorie"),
            ("can_go_haridwaar", "Trip to Haridwaar"),
            ("can_go_rishikesh", "Trip to Rishikesh"),
            # --- other custom permissions according to your needs ---
        )

After migrating the models that we wrote above, we have two options for making a group.

1. Django Admin Panel: In the Admin Panel you will see "Group" in bold letters. Click on it and make 3 different groups named 'level0', 'level1', 'level2', and assign the custom permissions according to your needs.

2. Programmatically creating a group with permissions: Open the Django shell with 'python manage.py shell'.

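from django.contrib.auth.models import Group, Permission
from django.contrib.contenttypes.models import ContentType
# import User model
from users.models import User

new_group, created = Group.objects.get_or_create(name='new_group')
# A permission is tied to the content type of the model it belongs to
ct = ContentType.objects.get_for_model(User)
# Say we want to add a 'Can go to Haridwar' permission to this group.
# Permissions declared in Meta already exist after migrate, so
# get_or_create avoids an IntegrityError when the codename is present.
permission, _ = Permission.objects.get_or_create(
    codename='can_go_haridwar',
    content_type=ct,
    defaults={'name': 'Can go to Haridwar'})
# Link the permission to the group
new_group.permissions.add(permission)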

We will assign a different set of permissions to each of the three groups in the same way. So far we have made the groups and linked them with the custom permissions that we defined.

Now we have to check that a particular user only accesses the appropriate functionality. For example, we have to make sure that level0 users cannot access the functionality of level1 or level2 users, and so on. To do this we check the permission in every view function that we write.

One point to be careful about: for function-based views we can simply use the custom decorator.
For example:

def my_view_function(request):
    ...  # View code

For more detail, here is the code

Things get a bit more complex when we talk about class-based views: we cannot simply add a decorator function, but have to make a permission mixin class.

For example:-

from django.views import View


class GroupRequiredMixin(object):
    """Class Definition"""


class DemoView(GroupRequiredMixin, View):
    group_required = [u'admin', u'manager']
    # View code…

For more, you can take help from here
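
The per-view check described above for function-based and class-based views, as an added example that is not the author's code: `perms_required`, `PermsRequiredMixin`, `check_perms` and the `golden_trip` view are hypothetical names, the codenames are the ones declared in `User.Meta`, and the `PermissionDenied` stand-in exists only so the block runs without Django installed. It checks permissions rather than group names, so moving a permission between groups needs no change in the views.

```python
from functools import wraps

try:
    from django.core.exceptions import PermissionDenied  # Django answers with HTTP 403
except ImportError:  # stand-in so the example also runs without Django installed
    class PermissionDenied(Exception):
        pass

APP_LABEL = "users"  # app that holds the custom User model on this page


def check_perms(user, codenames):
    """Deny unless the user is logged in and holds every listed permission."""
    wanted = [f"{APP_LABEL}.{codename}" for codename in codenames]
    if not (user.is_authenticated and user.has_perms(wanted)):
        raise PermissionDenied


def perms_required(*codenames):
    """Hypothetical decorator for function-based views."""
    if not codenames:
        raise ValueError("list at least one permission codename")

    def decorator(view):
        @wraps(view)
        def wrapped(request, *args, **kwargs):
            check_perms(request.user, codenames)
            return view(request, *args, **kwargs)
        return wrapped
    return decorator


class PermsRequiredMixin:
    """Hypothetical mixin for class-based views; list it before View."""
    required_perms = ()  # left empty, the view denies everyone

    def dispatch(self, request, *args, **kwargs):
        if not self.required_perms:
            raise PermissionDenied
        check_perms(request.user, self.required_perms)
        return super().dispatch(request, *args, **kwargs)


@perms_required("can_go_in_ac_bus", "can_go_mussoorie")
def golden_trip(request):
    return "AC bus to Mussoorie booked"  # a real view returns an HttpResponse
```

Django ships equivalents of both: `permission_required` in `django.contrib.auth.decorators` and `PermissionRequiredMixin` in `django.contrib.auth.mixins`. Active superusers pass every `has_perms` check, so test the views with ordinary group members.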


Feel free to write comments with any modification or suggestion.

Happy Hacking :)
