I have several models, including User and Group from contrib.auth. I run Django 1.4.1.
None of the users appears to have permissions:
In [1]: User.objects.get(id=1).user_permissions.all()
Out[1]: []
So, this means user has no permissions, and there are no permissions in the user’s group. But
In [2]: User.objects.get(id=1).has_perm('change_profile')
Out[2]: True
(Expected False)
How can have only permssions set explicitly? Do I need to change auth backend for this?
In settings, only model backend is set:
In [23]: settings.AUTHENTICATION_BACKENDS
Out[23]: ('django.contrib.auth.backends.ModelBackend',)
The issue was that the user was superuser (
is_superuser), and any permission check would return True.