I'm wondering why this code section prints out the following:
print "request.user.has_perm('bug_tracking.is_developer'): " + str(request.user.has_perm('bug_tracking.is_developer'))
print request.user.get_all_permissions()
request.user.has_perm('bug_tracking.is_developer'): True
set([])
I would expect that request.user.has_perm('bug_tracking.is_developer') returns false if the list of all permissions is empty!?
By default, Django automatically gives add, change, and delete permissions to all models, which allow users with the permissions to perform the associated actions via the admin site. You can define your own permissions to models and grant them to specific users.
With Django, you can create groups to class users and assign permissions to each group so when creating users, you can just assign the user to a group and, in turn, the user has all the permissions from that group. To create a group, you need the Group model from django. contrib. auth.
from django.contrib.auth import authenticate, login def my_view(request): username = request.POST['username'] password = request.POST['password'] user = authenticate(request, username=username, password=password) if user is not None: login(request, user) # Redirect to a success page. ... else: # Return an 'invalid ...
The Django authentication system handles both authentication and authorization. Briefly, authentication verifies a user is who they claim to be, and authorization determines what an authenticated user is allowed to do. Here the term authentication is used to refer to both tasks.
huups...was a super user ;-)
Superuser status Designates that this user has all permissions without explicitly assigning them.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With