Django ORM prepopulate permissions for custom groups

darkNavi · January 17, 2021, 9:24am

My goal is:

to have created custom Groups and populated with permissions for specific models. All that immediately after or during application starts

Question:

What is the most appropriate way to achieve that?

For example my custom group is MY_CUSTOM_GROUP and i want to add change and view permissions for Model Book to that group

KenWhitesell · January 17, 2021, 2:56pm

You can create a custom admin command to perform specific model initialization before you start the app for the first time. You would then run your command after migrate but before you start the app.

darkNavi · January 17, 2021, 3:33pm

As for now, i have three different ways to accomplish my task:

Write custom manual migration and put it into migrations folder (therefore they will be applied when executing python manage.py migrate)
Write fixture for groups and permissions (dump and loaddata respectively)
Your variant

Can you tell me please what is the advantages of your variant (3) ?

KenWhitesell · January 17, 2021, 3:47pm

#1 and #3 are effectively the same - it’s a matter of how / when it’s going to be used, and how (if) you manage / “groom” your migration files on a periodic basis.

#2 can create problems in the case of a complete rebuild / new installation unless you use natural keys for all the appropriate tables. (You have no guarantees that the PKs are going to be the same every time.)

All three can work, and I’d say that the decision among them is a personal / organizational decision, not a technical one.

darkNavi · January 17, 2021, 4:45pm

I’m not sure if i understand natural keys completely right, but lets imagine following situation:

we have two groups group_A and group_B and two users user_ADMIN and user_1. user_ADMIN belongs to group_A and user_1 belongs to group_B. i make dump with natural keys for table group and table permissions. NOT for users.
QUESTION:
is it possible that when i load that data with groups and permissions i can get reassigned groups to users incorrect way such that i will get user_1 for group_A and user_ADMIN for group_B because of auto-generating primary keys for groups in case of using natural keys feature???

P.S.

All the way while dumping and loading back tables group and permissions all existing users stay untouched. I mean all users follow to exist between dump and load operations.

P.P.S.
i do understand that between tables group and permissions never gonna be mistakes while i use natural keys.

KenWhitesell · January 17, 2021, 7:59pm

Keep in mind that the relationships between Users and Groups is a many-to-many relationship, that dumpdata manages on the User side of that relationship, not the group. (The User model has the field groups, Group does not have a field users.) This means that if you dump (unload) the set of groups and don’t dump the users, that relationship between them is lost. Reloading groups without reloading users loses group membership information. (You can see this if you do a dumpdata of both users and groups.)

darkNavi · January 18, 2021, 6:49am

Now i’ve got it. Thanx a lot for such explanation!

Topic		Replies	Views
Create groups and add permissions to them in migrations Using Django	2	2851	January 28, 2022
Default Permission, Group, User Tables created by migration Using the ORM	5	3020	June 17, 2022
Is there any document that I can read about Groups and Permissions 101? Getting Started	4	2078	August 19, 2022
Using default permissions in migrations and fixtures for tests Forms & APIs	2	1853	March 18, 2022
Django custom Permission & Groups Table / Model Forms & APIs	3	726	April 14, 2024

Django ORM prepopulate permissions for custom groups

Related topics