I want to get a list of all Django auth user with a specific permission group, something like this:

user_dict = {
    'queryset': User.objects.filter(permisson='blogger')
}

I cannot find out how to do this. How are the permissions groups saved in the user model?

If you want to get list of users by permission, look at this variant:

from django.contrib.auth.models import User, Permission
from django.db.models import Q

perm = Permission.objects.get(codename='blogger')  
users = User.objects.filter(Q(groups__permissions=perm) | Q(user_permissions=perm)).distinct()

This would be the easiest

from django.contrib.auth import models

group = models.Group.objects.get(name='blogger')
users = group.user_set.all()

I think for group permissions, permissions are stored against groups, and then users have groups linked to them. So you can just resolve the user - groups relation.

e.g.

518$ python manage.py shell

(InteractiveConsole)
>>> from django.contrib.auth.models import User, Group
>>> User.objects.filter(groups__name='monkeys')
[<User: cms>, <User: dewey>]

Based on @Glader's answer, this function wraps it up in a single query, and has been modified to algo get the superusers (as by definition, they have all perms):

from django.contrib.auth.models import User
from django.db.models import Q

def users_with_perm(perm_name):
    return User.objects.filter(
        Q(is_superuser=True) |
        Q(user_permissions__codename=perm_name) |
        Q(groups__permissions__codename=perm_name)).distinct()

# Example:
queryset = users_with_perm('blogger')

Do not forget that specifying permission codename is not enough because different apps may reuse the same codename. One needs to get permission object to query Users correctly:

def get_permission_object(permission_str):
    app_label, codename = permission_str.split('.')
    return Permission.objects.filter(content_type__app_label=app_label, codename=codename).first()

def get_users_with_permission(permission_str, include_su=True):
    permission_obj = get_permission_object(permission_str)
    q = Q(groups__permissions=permission_obj) | Q(user_permissions=permission_obj)
    if include_su:
        q |= Q(is_superuser=True)
    return User.objects.filter(q).distinct()

Code with imports: https://github.com/Dmitri-Sintsov/django-jinja-knockout/blob/master/django_jinja_knockout/models.py

Groups are many-to-many with Users (you see, nothing unusual, just Django models...), so the answer by cms is right. Plus this works both ways: having a group, you can list all users in it by inspecting user_set attribute.

Based on @Augusto's answer, I did the following with a model manager and using the authtools library. This is in querysets.py:

from django.db.models import Q
from authtools.models import UserManager as AuthUserManager

class UserManager(AuthUserManager):
    def get_users_with_perm(self, perm_name):
        return self.filter(
                Q(user_permissions__codename=perm_name) |
                Q(groups__permissions__codename=perm_name)).distinct()

And then in models.py:

from django.db import models
from authtools.models import AbstractEmailUser
from .querysets import UserManager


class User(AbstractEmailUser):
   objects = UserManager()

Try this:

User.objects.filter(groups__permissions = Permission.objects.get(codename='blogger'))

$ python manage.py shell <<'EOF'
> from django.contrib.auth.models import User
> User.objects.filter(groups__name='blogger')
> EOF
...
(InteractiveConsole)
>>> >>> [<User: foo>, <User: bar>, <User: baz>, '...(remaining elements truncated)...']

(simplified from cms' answer, which I can't edit)