Fixed #27489 -- Renamed permissions upon model renaming in migrations.

artirix1927 · artirix1927 · commit 7530d688b67a · 2025-08-10T03:40:32.000-04:00
diff --git a/django/contrib/auth/apps.py b/django/contrib/auth/apps.py
@@ -1,12 +1,12 @@
 from django.apps import AppConfig
 from django.core import checks
 from django.db.models.query_utils import DeferredAttribute
-from django.db.models.signals import post_migrate
+from django.db.models.signals import post_migrate, pre_migrate
 from django.utils.translation import gettext_lazy as _
 
 from . import get_user_model
 from .checks import check_middleware, check_models_permissions, check_user_model
-from .management import create_permissions
+from .management import create_permissions, rename_permissions
 from .signals import user_logged_in
 
 
@@ -20,6 +20,13 @@ def ready(self):
             create_permissions,
             dispatch_uid="django.contrib.auth.management.create_permissions",
         )
+
+        pre_migrate.connect(
+            rename_permissions,
+            dispatch_uid="django.contrib.auth.management.\
+                          rename_permissions",
+        )
+
         last_login_field = getattr(get_user_model(), "last_login", None)
         # Register the handler only if UserModel.last_login is a field.
         if isinstance(last_login_field, DeferredAttribute):
diff --git a/django/contrib/auth/management/__init__.py b/django/contrib/auth/management/__init__.py
@@ -9,7 +9,9 @@
 from django.contrib.auth import get_permission_codename
 from django.contrib.contenttypes.management import create_contenttypes
 from django.core import exceptions
-from django.db import DEFAULT_DB_ALIAS, router
+from django.db import DEFAULT_DB_ALIAS, migrations, router, transaction
+from django.db.utils import IntegrityError
+from django.utils.text import camel_case_to_spaces
 
 
 def _get_all_permissions(opts):
@@ -108,6 +110,98 @@ def create_permissions(
             print("Adding permission '%s'" % perm)
 
 
+class RenamePermission(migrations.RunPython):
+    def __init__(self, app_label, old_model, new_model):
+        self.app_label = app_label
+        self.old_model = old_model
+        self.new_model = new_model
+        super(RenamePermission, self).__init__(
+            self.rename_forward, self.rename_backward
+        )
+
+    def _rename(self, apps, schema_editor, old_model, new_model):
+        ContentType = apps.get_model("contenttypes", "ContentType")
+        # live model import since with frozen model we have no fk's
+        # and permission model has default ordering based on fk's
+        from django.contrib.auth.models import Permission
+
+        db = schema_editor.connection.alias
+
+        ctypes = ContentType.objects.filter(
+            app_label=self.app_label, model__iexact=old_model.lower()
+        )
+
+        permissions = Permission.objects.filter(
+            content_type_id__in=(ctype.id for ctype in ctypes)
+        )
+
+        for permission in permissions:
+            prefix = permission.codename.split("_")[0]
+            default_verbose_name = camel_case_to_spaces(new_model)
+
+            new_codename = f"{prefix}_{new_model.lower()}"
+            new_name = f"Can {prefix} {default_verbose_name}"
+
+            # Only update if changes are needed
+            if permission.codename != new_codename or permission.name != new_name:
+                # Save original values in case of error
+                original_codename = permission.codename
+                original_name = permission.name
+
+                permission.codename = new_codename
+                permission.name = new_name
+
+                try:
+                    with transaction.atomic(using=db):
+                        permission.save(update_fields={"name", "codename"})
+                except IntegrityError:
+                    # Skip conflicting permissions - leave them unchanged
+                    permission.codename = original_codename
+                    permission.name = original_name
+
+    def rename_forward(self, apps, schema_editor):
+        self._rename(apps, schema_editor, self.old_model, self.new_model)
+
+    def rename_backward(self, apps, schema_editor):
+        self._rename(apps, schema_editor, self.new_model, self.old_model)
+
+
+def rename_permissions(
+    plan,
+    verbosity=2,
+    interactive=True,
+    using=DEFAULT_DB_ALIAS,
+    apps=global_apps,
+    **kwargs,
+):
+    """
+    Insert a `RenamePermissionType` operation after every planned `RenameModel`
+    operation.
+    """
+    try:
+        Permission = apps.get_model("auth", "Permission")
+    except LookupError:
+        return
+    else:
+        if not router.allow_migrate_model(using, Permission):
+            return
+
+    for migration, backward in plan:
+
+        inserts = []
+        for index, operation in enumerate(migration.operations):
+            if isinstance(operation, migrations.RenameModel):
+                operation = RenamePermission(
+                    migration.app_label,
+                    operation.old_name,
+                    operation.new_name,
+                )
+
+                inserts.append((index + 1, operation))
+        for inserted, (index, operation) in enumerate(inserts):
+            migration.operations.insert(inserted + index, operation)
+
+
 def get_system_username():
     """
     Return the current system user's username, or an empty string if the
diff --git a/tests/auth_tests/operations_migrations/0001_initial.py b/tests/auth_tests/operations_migrations/0001_initial.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+    dependencies = []
+
+    operations = [
+        migrations.CreateModel(
+            name="OldModel",
+            fields=[
+                ("id", models.AutoField(primary_key=True)),
+            ],
+        ),
+    ]
diff --git a/tests/auth_tests/operations_migrations/0002_rename_oldmodel_to_newmodel.py b/tests/auth_tests/operations_migrations/0002_rename_oldmodel_to_newmodel.py
@@ -0,0 +1,15 @@
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("auth_tests", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.RenameModel(
+            old_name="OldModel",
+            new_name="NewModel",
+        ),
+    ]
diff --git a/tests/auth_tests/operations_migrations/__init__.py b/tests/auth_tests/operations_migrations/__init__.py
diff --git a/tests/auth_tests/test_management.py b/tests/auth_tests/test_management.py
