I'm working on the permissions on a Django 4.1 application. All these permissions are given by groups. First permission first problem:
Permission codename: can_see_all_images appname for the permission: dating group having this permission: X-Gold
As you can see on the screenshot it seems that all the informations are correct:
First line: User is in the group Second line, the group has the permission Third line: The permission has the good codename but line4: the user doesn't have the perm.
I restarted the server disconnected the user and reconnected it, nothing changed. Note that if I give the permission directly to the user, it doesn't work. So I guess the problem does not come from the group.
Any idea?
Here is how the permission is created in the model:
permissions = [('can_see_all_images', _('Can see all images'))]
edit: my view code:
@login_required
def public_images(request, slug):
visited = get_object_or_404(User, slug=slug, is_active=True)
user = User.objects.get(id=request.user.id)
if user.has_perm('dating.can_see_all_images'):
print('ok')
else:
print('KO')
return render(request, 'dating/public_images.html', locals())
Thanks in advance
CodePudding user response:
try using the example given below
user_id = request.data.get('user_id') #any existing user id
user = User.objects.get(id=user_id) # get the user object first
if user.has_perm('dating.can_see_all_images'):
pass
else:
res = {
"message": f"You are not authorized to access API"
}
pass
if still stuck after this, then please add your code.
CodePudding user response:
I found the problem, so I post it here in case someone meet the same.
I am using a custom authentication backend. This backend inherits from BasicBackend. In this case you have to redefine the has_perm() method because in the BaseBackend the original method return an empty tuple.
If you don't want to redefine it you need to inherit from ModelBackend and not BaseBackend.