Re: [Django] #26547: User has_perm Is Not Developer Friendly

Thu, 02 Apr 2026 12:50:21 -0700 

#26547: User has_perm Is Not Developer Friendly
-------------------------------------+-------------------------------------
     Reporter:  David Sanders        |                    Owner:  nobody
         Type:                       |                   Status:  closed
  Cleanup/optimization               |
    Component:  contrib.auth         |                  Version:  dev
     Severity:  Normal               |               Resolution:  needsinfo
     Keywords:  has_perm user        |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Comment (by Mariatta):

 I was pointed to this issue because I created a different and related
 issue #37021.

 I also need a way to check for permission using `user.has_perm` for any
 given `Permission` object.

 Currently the way we have to do it is by constructing the string as
 follows.
 {{{
 perm = Permission.objects.get(...)

 if user.has_perm(f"{perm.content_type.app_label}.{perm.codename}"):
     # do stuff

 }}}

 I prefer getting the string from the `Permission` object instead of
 hardcoding it.

 My suggestion is to add a new helper function to the Permission object
 like so:

 {{{
 class Permission():

     def perm_string(self): # feel free to suggest other name
         return f"{self.content_type.app_label}.{self.codename}"
 }}}

 so that the `user.has_perm()` does not have to change, and then I can use
 it like this:

 {{{
 perm = Permission.objects.get(...)
 if user.has_perm(perm.perm_string()):
     # do stuff
 }}}

 I think adding the helper function to the `Permission` object is simpler
 than making changes to the `has_perm` function. This way there is no
 concern with backward incompatibility, and we are not hardcoding the
 string during user permission check process.

 If you agree, I would like to try creating the PR.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/26547#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/0107019d4fbf02ac-effa75be-1a52-4350-bd8a-5c28ccbbb929-000000%40eu-central-1.amazonses.com.

Reply via email to