Hi Predator, Permission checks need to be manually added to each view, on a case-by-case basis. Django can't "interpret" what your view is trying to do - all user views look the same to Django - so you need to provide the extra information to describe which permissions are needed at any given part in a view.
For example, you might require "View" permissions to GET a particular view, but require a Change permission (or multiple change permissions, if you're modifying multiple objects, or even a custom permission) to POST to the same view. The easiest way to do this is to put the @permission_required decorator on a view: https://docs.djangoproject.com/en/1.8/topics/auth/default/#the-permission-required-decorator However, you can also use user.has_perm('foo.add_bar') method inside a view (returning a 404 or 403 if the test fails) if you need a more fine-grained approach. Yours, Russ Magee %-) On Thu, Aug 13, 2015 at 10:24 AM, Predator <[email protected]> wrote: > Hi there! > > I have a question regarding user permissions. > > How can I use the user permissions that I have set in the admin to my > django app? > > For example, I have a user* 'Trainee'* and in django admin, I set > *'Trainee'* to only add to my model. So, 'Trainee' can only add to this > model, not change and delete it. When I logged in to* my app*, I can > still delete and change. I may be missing some vital points and I hope > someone can point me to the right direction. > > Thanks and have a great day! > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/d64cc98d-40c7-43b1-aecc-25fc7a1d752c%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/d64cc98d-40c7-43b1-aecc-25fc7a1d752c%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAJxq8495Ds_gQ%3DOkraOuE%3D5LrVBjE%2B%3D1um32HBxAHLPtBS6FXw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
