Is there any document that I can read about Groups and Permissions 101?

Previously I asked about groups and permissions, I got a lot of helpful advices and solutions.
But still I can’t understand making custom groups and permissions even I read about few documents from the Internet.
I thought I can make groups and permissions like how I made custom user model, but I didn’t find the document specified how to do it.
What I want to know it these.

  1. How to make custom groups
    Is this can be achieved by specify groups in by inherit Group class like the code below?
    I’ve already done this in my of custom user model, but I can’t see this group in admin site.
class MemberGroup(Group):
    name = "Member"
  1. How to make custom permissions
    Documents I read said Django automatically makes add, change, delete, view permission for each app.
    In fact, I don’t need additional permission for now and I think I can achieve things that I’m trying to make(each branch staff and manager only can see their branch’s data) with object filter in the
    But still I want to know this because I’m learning about Django.

  2. How to assign users to group when create user
    I think I can do this add some code in create_user in the class that inherited BaseUserManager, but I want to make it clear.

Why do you think it’s necessary to do this? (There are some implications associated with this that - in general - make this a not-recommended practice if you’re going to be using the standard Django permissions system.)

See Programmatically creating permissions

A Group is a many-to-many relationship with User - adding a User to a Group is exactly the same as creating the link between any other two objects in a many-to-many relationship.

See the docs and examples at Many-to-many relationships | Django documentation | Django

In fact, I have no reason to make custom groups.
I started learning and making Django website from scratch, but I have experience making a website with PHP based CMS.
So I’m just familar with it.
In the PHP CMS that I used, I could do these things from GUI, but Django, I need and want to make all by myself.
That’s why I’m doing this.

What I’m thinking is seperated users into four groups(member, staff, manager, superuser) and limit their some permissions like my previous question.

  • Members can see their branch’s timetable, schedules, and create their own schedule.
  • Staffs can create and edit their branch’s info, timetable, schedules, and new member in their branch.
    In addition, it’s off the topic but I also need to find out how to make search user by name in Django form because I’m planning to make staffs can add schedule for their branch’s members.
  • Managers can create and edit their branch’s staff and what staffs can do
  • Superusers can do everything.

I think my target users will not use Django admin site, but I don’t want to limit their access.

I’ve already read Django documentation programmatically creating permissions, but it makes me hard to understand because of ‘contenttypes’.
I can’t understand the concept of contenttypes even I read about it.
Plus, if I write the code similar to example in the file, isn’t it make Django create the permission every time I reload it?

About assign user to a group when create.
Is it mean I need to make group like I make model for app?

One of the strengths of Django is how much is already included in the system. You’re going to want to learn Django by finding out what it does for you so that you don’t need to recreate work that has already been done.

Pretty typical. Django will facilitate you doing these.

At this stage, you don’t need to understand what ContentTypes are or how they work. All you need to know now is that you need to get the ContentType for the model for which you wish to create a custom permission, and that’s done with this query:

content_type = ContentType.objects.get_for_model(BlogPost)

You don’t need to make the Group model. The model already exists.

You need to create the instances of Group, just like you create the instances of User before you can assign users to them.

It depends upon how / where you use that code. You could:

  • Create a custom migration
  • Create a custom management command

But again, if you don’t need custom permissions yet, you don’t need to worry about this now. You’ve got enough other things to learn without making it more difficult for yourself.

Now I think I found the reason I confused.
It’s because my lack of understanding difference between instance and model.
Every time I see answers from other people’s questions and articles about Django group, the code like group = Group.objects.get_or_create(), I thought ‘which file and where should I specify that group’s name’ and when I read about Group model from Django documentation I didn’t read carefully and thought ‘so where should I write the code and specify group’s permission’.
So, in summary, Group is the model itself and what I need to do is use it like how I handle other models, right?

Thank you for your answer.