Django comes with a simple permissions system. It provides a way to assign permissions to specific users and groups of users. It's used by the Django admin site, but you're welcome to use it in your own code. The Django admin site uses permissions as follows:
Access to view the add form and add an object is limited to users with the add permission for that type of object.
Access to view the change list, view the change form and change an object is limited to users with the change permission for that type of object.
Access to delete an object is limited to users with the delete permission for that type of object.
Permissions can be set not only per type of object, but also per specific object instance. By using the has_add_permission()
, has_change_permission()
and has_delete_permission()
methods provided by the ModelAdmin
class, it's possible to customize permissions for different object instances of the same type. User
objects have two many-to-many fields: groups...