Programmatically create a django group with permissions
Use below code
from django.contrib.auth.models import Group, Permissionfrom django.contrib.contenttypes.models import ContentTypefrom api.models import Projectnew_group, created = Group.objects.get_or_create(name='new_group')# Code to add permission to group ???ct = ContentType.objects.get_for_model(Project)# Now what - Say I want to add 'Can add project' permission to new_group?permission = Permission.objects.create(codename='can_add_project', name='Can add project', content_type=ct)new_group.permissions.add(permission)
I needed to create a default set of groups and permission (view only) for those groups. I came up with a manage.py command that may be useful to others (create_groups.py). You can add it to your <app>/management/commands
dir, and then run via manage.py create_groups
:
"""Create permission groupsCreate permissions (read only) to models for a set of groups"""import loggingfrom django.core.management.base import BaseCommandfrom django.contrib.auth.models import Groupfrom django.contrib.auth.models import PermissionGROUPS = ['developers', 'devops', 'qa', 'operators', 'product']MODELS = ['video', 'article', 'license', 'list', 'page', 'client']PERMISSIONS = ['view', ] # For now only view permission by default for all, others include add, delete, changeclass Command(BaseCommand): help = 'Creates read only default permission groups for users' def handle(self, *args, **options): for group in GROUPS: new_group, created = Group.objects.get_or_create(name=group) for model in MODELS: for permission in PERMISSIONS: name = 'Can {} {}'.format(permission, model) print("Creating {}".format(name)) try: model_add_perm = Permission.objects.get(name=name) except Permission.DoesNotExist: logging.warning("Permission not found with name '{}'.".format(name)) continue new_group.permissions.add(model_add_perm) print("Created default group and permissions.")
Inspired by radtek's answer I created a bit better version (in my opinion).It allows specifying model as object (instead of string) and specifying all configuration in one dictionary (instead of several lists)
# backend/management/commands/initgroups.pyfrom django.core.management import BaseCommandfrom django.contrib.auth.models import Group, Permissionfrom backend import modelsGROUPS_PERMISSIONS = { 'ConnectionAdmins': { models.StaticCredentials: ['add', 'change', 'delete', 'view'], models.NamedCredentials: ['add', 'change', 'delete', 'view'], models.Folder: ['add', 'change', 'delete', 'view'], models.AppSettings: ['view'], },}class Command(BaseCommand): def __init__(self, *args, **kwargs): super(Command, self).__init__(*args, **kwargs) help = "Create default groups" def handle(self, *args, **options): # Loop groups for group_name in GROUPS_PERMISSIONS: # Get or create group group, created = Group.objects.get_or_create(name=group_name) # Loop models in group for model_cls in GROUPS_PERMISSIONS[group_name]: # Loop permissions in group/model for perm_index, perm_name in \ enumerate(GROUPS_PERMISSIONS[group_name][model_cls]): # Generate permission name as Django would generate it codename = perm_name + "_" + model_cls._meta.model_name try: # Find permission object and add to group perm = Permission.objects.get(codename=codename) group.permissions.add(perm) self.stdout.write("Adding " + codename + " to group " + group.__str__()) except Permission.DoesNotExist: self.stdout.write(codename + " not found")