class AccessMixin permission based in groups

I have many users belongs to groups.

so I want to make permission of the classes based on the user’s group.
example I have many groups like
(‘Student’,‘Doctors’,‘Geology’,‘Civil engineer’)
I have this class

class Div_EP(LoginRequiredMixin, PermissionRequiredMixin, ListView):
    permission_required =  ('Doctors','Civil engineer')
    model = Botomeqpts
    template_name = 'Home/Div_EP.html'

so the users allowed to visit this page are , Doctors and Civil engineer only.
How I correct this in this class?

Groups are not Permissions.

The appropriate mechanism for handling this is to identify an appropriate permission (perhaps view_botomeqpts?) or create a new permission (e.g. list_botomeqpts) and assign that permission to the Doctors and Civil engineer groups. Your view then checks for that permission.

How I do this special permission please?

See the docs at Customizing authentication in Django | Django documentation | Django and Using the Django authentication system | Django documentation | Django

1 Like

I added the permission to my model:

class Botomeqpts(models.Model):
    code_BtE     = models.CharField(max_length=16,unique=True)
    designation  = models.CharField(max_length=150)
    fournisseu   = models.CharField(max_length=80)
    def get_absolute_url(self):
        return reverse('MateriaSt')
    class Meta:
        ordering = ('-post_date',)
        permissions = [("Can_add_botomeqpts", "Can add botomeqpts"),]

and in my class views:

class Div_EP(LoginRequiredMixin, ListView):
    model = Botomeqpts
    template_name = 'Home/Div_EP.html'

but the user is able to visit this page with or without the permissions?


What you have done here is created a permission and (possibly) assigned it.

Your view still needs to specify that that permission is required for accessing that view.

following this video I’d created:

class UserAccessMixin(PermissionRequiredMixin):
    def dispatch(self, request, *args ,**kwargs):
        if (not self.request.user.is_authenticated):
            return redirect_to_login(self.request.get_full_path(),
        if not self.has_permission():
            return redirect('/')
        return super(UserAccessMixin, self).dispatch(request, *args ,**kwargs)

and changed my class to:

class Div_EP(UserAccessMixin, LoginRequiredMixin, ListView):
    raise_exception = False
    permission_required = 'botomeqpts.Can_add_botomeqpts'
    permission_denied_message= ""
    login_url = ''
    redirect_field_name = 'next'
    model = Botomeqpts
    template_name = 'Home/Div_EP.html'

and my home url is:

path('', views.Home, name='WikiFow'),

and I assigned to the user’s group (Geology) permission to add, delete, and edited and so to the user.

Now all the users can’t visit this page and redirected to home page (even with permissions)! Why?

You were a lot closer with your earlier attempt:

Just change the permission_required tuple to the new permission you’ve created. (Home.Can_add_botomeqpts - the first component of the reference to the permission is the app, not the model.) See the example at Using the Django authentication system | Django documentation | Django

Also, you don’t need the LoginRequiredMixin, because the AnonymousUser isn’t going to pass the permission_required test. (LoginRequiredMixin and PermissionRequiredMixin both call the AccessMixin.handle_no_permission method, so there’s no difference in what’s going to happen if the permissions aren’t present.)

Sorry Mr, but unfortunately it doesn’t work and returned the allowed user to the home page too.

class Div_EP(PermissionRequiredMixin, ListView):
    permission_required = 'Home.Can_add_botomeqpts'
    model = Botomeqpts
    template_name = 'Home/Div_EP.html'

Then you’ve got something wrong somewhere along the line. Either you don’t have the right permission assigned to the group, you don’t have the user assigned to the group, or you don’t have the right app.codename for that permission in the permission_required field. Check all your data and data assignments.