Permissions

Like I said at the beginning of the course, auth is usually made up of 0:00 two parts, authentication which is identifying a user, and authorization. 0:03 Authentication has already been handled in this project with registration, login and 0:08 logout views. 0:12 You can always tell who a user is. 0:13 Authorization, though, isn't something I really talked about yet. 0:15 How do you tell in Django if a user is allowed to do the thing that 0:18 they want to do? 0:21 Well you've used one form of authorization already. 0:23 Views that just require an authenticated user have a very simple form of 0:26 authorization too so long as the user is authenticated they're also authorized. 0:29 Authorization can go much deeper than that. 0:34 Django's basic form of authorization is through permissions. 0:37 Every time you create a model Django creates three new permissions. 0:40 Before I can talk about permissions, 0:44 though, I need to talk about content types, 0:45 specifically the part of Django that's known as the content types framework. 0:47 When you make a new non-abstract model of Django, Django creates a content type in 0:52 each content type instance holds an applicable like Posts and 0:57 a model name like Post. 1:01 Why store information like this in the database? 1:03 It gives you a way to refer to a specific model without knowing exactly 1:05 where that model is to find. 1:09 Each Django permission is linked to a content type. 1:11 By default you get three permissions for each content type, add, change and delete. 1:14 Add lets you add new records to the database, 1:19 Change lets you change existing records, and Delete lets you delete records. 1:21 You can also add custom permissions to your models, too. 1:26 One thing I want to explicitly point out these permissions are about models, 1:29 not model instances. 1:32 Django doesn't have a built in concept of role level, or object level permissions. 1:34 So if a user has the change post permission they can change all posts, 1:39 not just the ones that they own. 1:43 And the users that are marked as being Super Users are automatically granted 1:45 all permissions. 1:49 This is one reason why you want to make sure you only create as many Super Users 1:49 as you absolutely need. 1:53 But permissions are not just a user thing. 1:55 Groups are generic way of lumping users together and 1:57 optionally giving them permissions. 2:00 Any user can belong to as many groups as they need to, and 2:02 all members of a group have all of the permissions of the group. 2:05 Now you could of course use groups without any special permissions. 2:08 Take a little break, get a drink, do some stretches, and 2:12 then come back to see how to create custom permissions and 2:14 use permissions to control what users are allowed to do. 2:17