Django - get current user permissions in a view?

django user model
django add user to group
django login
django get user model
django authentication
django import user model
django custom permissions
django add permission to user

Im trying to get the current logged on users permissions

My current attempt below returns an error

   from django.contrib.auth.models import Permission
   from django.contrib.auth.models import User
   permissions = Permission.objects.filter(


int() argument must be a string, a bytes-like object or a number, not 'DeferredAttribute'

does anyone know how I can do this? is there a simpler way?


You get the error because User is the user model. You should use request.user to access the logged-in user.

def my_view(request):
    # Individual permissions
    permissions = Permission.objects.filter(user=request.user)

    # Permissions that the user has via a group
    group_permissions = Permission.objects.filter(group__user=request.user)

You should probably check that the user is logged in (e.g. use login_required).

Note and that the user may have permissions because of a group that they are in, or because they are a superuser (which is equivalent to having all permissions).

Python, : Open python shell using python shell . With the help of Django Admin I have added a user to the group EuropartsBuyer. When I use the following code in another view. if request.user.has_perm('can_add_cost_price'): do something the result is supposed to be True but it is showing False. Thus, the code under the if clause doesn't run.

Also in Django 3.0 or above, according to the doc you can use:


Returns a set of permission strings that the user has directly.

or to get all permissions:


Django Get All Users, How do you check if a user is logged in Django? Overview. Django provides an authentication and authorization ("permission") system, built on top of the session framework discussed in the previous tutorial, that allows you to verify user credentials and define what actions each user is allowed to perform.

Just updating @Alasdair answer for other users looking to do in oneline,

from django.db.models import Q
from django.contrib.auth.models import Permission

# All permissions
permissions = Permission.objects.filter(Q(user=user) | Q(group__user=user)).all()

How to Check if a User is Logged In or Not in Django, The ModelBackend caches permissions on the user object pk=user_id) # any permission check will cache the current set  It can sometimes be useful to completely override the permissions in Django admin. A common scenario is when you use permissions in other places, and you don’t want staff users to make changes in the admin. Django uses hooks for the four built-in permissions. Internally, the hooks use the current user’s permissions to make a decision.

In case you are trying to put restrictions using group permissions, you can use the below decorator.

from django.contrib.auth.decorators import user_passes_test

Now you can use it to check if user is in a group.

@user_passes_test(lambda u: u.has_perm('Utilization.can_edit_invoice'))
def edit_invoice(request, invoice_pk):
    invoice = Invoice.objects.get(pk=invoice_pk)
    if request.method == 'POST':
        form = forms.AddInvoiceForm(request.POST, instance=invoice)
        if form.is_valid():
            return HttpResponseRedirect(invoice.get_absolute_url())
        form = forms.AddInvoiceForm(instance=invoice)
        args = {'form':form}
        return render(request, 'Invoice/add_invoice.html', args)

Using the Django authentication system, Is set to the current date/time by default when the account is created. This does not imply any permissions and doesn't check if the user is active or has a valid  from django.contrib import auth from django.contrib.auth import get_user_model from import BaseCommand class Command (BaseCommand): help = 'Get a list of all permissions available in the system.' def handle (self, * args, ** options): permissions = set # We create (but not persist) a temporary superuser and use it to

django.contrib.auth | Django documentation, How to Check Permissions; How to Enforce Permissions; Django current user permissions through a special template variable called perms . get_group_permissions() Returns a list of permission strings that the user has through the groups he or she belongs to. get_all_permissions() Returns a list of permission strings that the user has, both through group and user permissions. has_perm(perm) Returns True if the user has the specified permission, where perm is in the format "package

What You Need to Know to Manage Users in Django Admin – Real , We'll also show you how to create permissions, and check on login status and from django.contrib.auth.models import User # Create user and save to the You can get information about the currently logged in user in  Also note: if you want a user account to be able to create users using the Django admin site, you’ll need to give them permission to add users and change users (i.e., the “Add user” and “Change user” permissions). If an account has permission to add users but not to change them, that account won’t be able to add users.

Django Tutorial Part 8: User authentication and permissions, Model): # Model fields go here class Meta: permissions = ( ("​can_see_dealer_price", "Can see dealer price"), ). And then you can check if the current user has  The takeaway is that working with User models is tricky in any web framework. Django has a robust user authentication system but given that many projects use a custom user model instead, the best approach when you want to refer to the current user model--of the three available--is to just always use get_user_model.