I found it a little difficult finding solid information about implementing user permission checks for Django.
After reading numerous sites and tutorials, I've combined a few methods to make it a bit easier.
Rather than inserting the permissions into the database manually, use the Meta attribute in your models (from Satchmo Project).
01.class Caption(models.Model):02. """03. Example model with permission.04. """05. # Your field declarations06. title = model.TextField()07. description = model.TextField()08. 09. class Meta:10. permissions = (11. ("is_caption_moderator", "Caption Moderator"),12. )After setting up the permissions, use ./manage.py syncdb to install these permissions into the database.
Now you can simply check for sufficient permissions as long as you have the user object.
1.def your_view(request):2. if request.user.has_perm('is_caption_moderator') == False:3. # Do something here like return HttpResponseNotAllowed()4. 5. # The rest of your view hereLastly, remember to grant specific permissions to users when moving this code live because the admin user automatically has access to everything.
