Django ORM prepopulate permissions for custom groups

My goal is:

  • to have created custom Groups and populated with permissions for specific models. All that immediately after or during application starts

Question:

  • What is the most appropriate way to achieve that?

For example my custom group is MY_CUSTOM_GROUP and i want to add change and view permissions for Model Book to that group

You can create a custom admin command to perform specific model initialization before you start the app for the first time. You would then run your command after migrate but before you start the app.

1 Like

As for now, i have three different ways to accomplish my task:

  1. Write custom manual migration and put it into migrations folder (therefore they will be applied when executing python manage.py migrate)
  2. Write fixture for groups and permissions (dump and loaddata respectively)
  3. Your variant

Can you tell me please what is the advantages of your variant (3) ?

#1 and #3 are effectively the same - it’s a matter of how / when it’s going to be used, and how (if) you manage / “groom” your migration files on a periodic basis.

#2 can create problems in the case of a complete rebuild / new installation unless you use natural keys for all the appropriate tables. (You have no guarantees that the PKs are going to be the same every time.)

All three can work, and I’d say that the decision among them is a personal / organizational decision, not a technical one.

I’m not sure if i understand natural keys completely right, but lets imagine following situation:

  • we have two groups group_A and group_B and two users user_ADMIN and user_1. user_ADMIN belongs to group_A and user_1 belongs to group_B. i make dump with natural keys for table group and table permissions. NOT for users.
    QUESTION:
  • is it possible that when i load that data with groups and permissions i can get reassigned groups to users incorrect way such that i will get user_1 for group_A and user_ADMIN for group_B because of auto-generating primary keys for groups in case of using natural keys feature???

P.S.

All the way while dumping and loading back tables group and permissions all existing users stay untouched. I mean all users follow to exist between dump and load operations.

P.P.S.
i do understand that between tables group and permissions never gonna be mistakes while i use natural keys.

Keep in mind that the relationships between Users and Groups is a many-to-many relationship, that dumpdata manages on the User side of that relationship, not the group. (The User model has the field groups, Group does not have a field users.) This means that if you dump (unload) the set of groups and don’t dump the users, that relationship between them is lost. Reloading groups without reloading users loses group membership information. (You can see this if you do a dumpdata of both users and groups.)

Now i’ve got it. Thanx a lot for such explanation! :slight_smile: