Management Commands¶
Use Case¶
These management commands are designed for use when there is a need to programmatically create or update Django users, groups, and permissions, without needing to hardcode these in migrations or application code.
The commands are designed to work idempotently - that is, running them multiple times with the same inputs should always result in the same outcomes, and without additional side-effects if they are run more than once.
manage_group¶
The manage_group
command is used to ensure that a specific django.contrib.auth.models.Group
exists, and that it has a specific set of
permissions.
The following example will create a group named mygroup
if it does not exist (and will do nothing if it does exist):
$ python manage.py manage_group mygroup
The following example will create or update the group named privileged_group
and assign to it the permissions
for adding and deleting instances of model “Thing” in “myapp”:
$ python manage.py manage_group privileged_group -p myapp:Thing:add_thing myapp:Thing:delete_thing
In the above example, if the group already possessed another permission such as “update_thing”, that permission would be automatically removed.
An option to remove, instead of create, is also available:
$ python manage.py manage_group mygroup --remove
In the above example, the matching group would be deleted if it existed, and the command would do nothing otherwise.
manage_user¶
The manage_user
command is used to ensure that a specific user exists, and that it has a specific set of groups.
It can also be used to toggle the is_staff
and is_superuser
bits on that user account.
The following example will create a user named groucho
if it does not exist:
$ python manage.py manage_user groucho groucho@example.com
In the above example, if groucho
already exists, the command will continue without action / error, as long as the
supplied email address matches the one already stored. If this is not the case, the command will fail with an error.
This is intended as a control measure against potential scripting errors that might cause an existing user to lose
control of an existing account.
To set the staff or superuser bits, use the associated options:
$ python manage.py manage_user groucho groucho@example.com --staff --superuser
In the above example, both bits will be set to true. In order to set the bits to false, omit the options.
To assign a user to specific groups, use the -g option:
$ python manage.py manage_user groucho groucho@example.com -g mygroup privileged_group
The above will ensure that groucho
will be assigned to mygroup
and privileged_group
, and removed from any
others to which they may already have been assigned.
Note that if any of the groups specified with -g
do not exist, the command will output a warning, but will
continue without creating the group. This measure is intended to ensure that, in an automated deployment setting,
a prior misconfiguration involving some particular group will not cause a cascading failure in setting (or removing)
other group memberships.
An option to remove, instead of create, is also available:
$ python manage.py manage_user groucho groucho@example.com --remove
In the above example, the matching user would be deleted if it existed, and the command would do nothing otherwise.