Admin Integration¶
Use Django User Admin Site to manage roles and permissions interactively.
Permission Names¶
Permissions defined in roles.py
are given ‘human-friendly’ names.
All such permissions are assigned to the auth | user
Content Type.
Permission names are a Title Case version of the snake_case or camelCase permission codename, so…
create_medical_record
is namedauth | user | Create Medical Record
enterSurgery
is namedauth | user | Enter Surgery
RolePermissions User Admin¶
Assign / remove roles when editing Users in the Django User Admin Site.
-
RolePermissionsUserAdmin
()¶ Custom
django.contrib.auth.admin.UserAdmin
that essentially adds the following logic. To be used with standard django User model:remove_role(user, group)
is called for each Group, removed via the Admin, that represents a role.assign_role(user, group)
is called for each Group, added via the Admin, that represents a role.
Opt-in with
setting
: ROLEPERMISSIONS_REGISTER_ADMIN = True
-
RolePermissionsUserAdminMixin
()¶ Mixin the functionality of
RolePermissionsUserAdmin
to your own customUserAdmin
class. To be used with custom User model:class MyCustomUserAdmin(RolePermissionsUserAdminMixin, django.contrib.auth.admin.UserAdmin): ...
Warning
remove_role
removes every permission associated with a removed Group
,
regardless of how those permissions were originally assigned.
See remove_role()
Management Commands¶
django-admin sync_roles
Ensures that django.contrib.auth.models
Group
and Permission
objects exist
for each role defined in roles.py
This makes the roles and permissions defined in code immediately acccessible via the Django User Admin
Note
sync_roles
never deletes a Group
or Permission
.
If you remove a role or permission from roles.py
, the corresponding Group
/ Persission
continues to exist until it is manually removed.
django-admin sync_roles --reset_user_permissions
Additionally, update every User’s permissions to ensure they include all those defined by their current roles.
Warning
--reset_user_permissions
is primarily intended for development, not production!
Changing which permissions are associated with a role in roles.py
does NOT change any User’s actual permissions!
--reset_user_permissions
simply clears each User’s roles and then re-assign them.
This guarantees that Users will have all permissions defined by their role(s) in roles.py
,
but in no way does this imply that any permissions previously granted to the User have been revoked!