Search code examples
pythondjangopermissionsdjango-guardian

Django permission belongs to group, but user on that group has no group's permission

I decided to not use django-guardian because If my customer delete/create Group I have to add more overhead on my ModelManager to transfer the existing permissions to new group. Therefore let the instances got filtered by filter_queryset through Django REST is fine for my case.

FailedTestCase:

from django.contrib.auth.models import User

from poinkbackend.apps.companies.models import Company
from poinkbackend.apps.roles.models import Role
from poinkbackend.apps.userroles.models import UserRole
from poinkbackend.apps.commons.tests import companies, userprofiles, branches

def test_support_view_userprofile(companies, userprofiles):
    company = Company.objects.get(name='Singh')
    support = Role.objects.add_support('firstsupport', company)
    user = User.objects.get(username='notty')
    UserRole.objects.create(user=user, role=support)
    user.refresh_from_db()
    import pdb; pdb.set_trace()
    assert True is user.has_perm('view_userprofile')

-> assert True is user.has_perm('view_userprofile')
(Pdb) user.groups.first()
<Group: firstsupport-Singh>
(Pdb) g1 = user.groups.first()
(Pdb) g1.permissions.all()
<QuerySet [<Permission: userprofiles | user profile | View UserProfile>]>
(Pdb) user.has_perm('view_userprofile')
False

Question:
Where am I wrong?

Update 16 Nov 2017 10:30 GMT+7 Add 4th url Gists:
Company : https://gist.github.com/elcolie/684ba34391d0a94df7ca98855cea765b
Role : https://gist.github.com/elcolie/64a3a3daf22240b2072e113eb10164e2
UserRole: https://gist.github.com/elcolie/d28e7fcf54334a9f13df5fff1b7d9fe0
BusinessPermisson: https://gist.github.com/elcolie/bbeb00f41db0c7884cee34c6bccaf5f9

References:
Django user has_perm returning false even though group has permission
Django user not getting the assigned group's permissions
django group permission

Solution

  • Although I found the root cause of the error. I have updated my question according to @Adam Dobrawy comment.

    The problem is I mixed up the command of guardian. django-guardign syntax can use without app_label in front of it. In my case it is userprofiles

    I have to replace the line user.has_perm('view_userprofile') with user.has_perm('userprofiles.view_userprofile')

    Again. Thank you very much Adam for your time and effort reading my question.