I am trying to use django rules to configure object permissions in django and the django admin interface.
Now when I add permission rules, they will always only be called with the first param, but the object is always None.
For example I if I would create this predicate:
@rules.predicate
def is_book_author(user, book):
return book.author == user
And then add it to the django permission set:
rules.add_perm('books.view_book', is_book_author)
Now when I log into the admin interface with a user, then the is_book_author will be called with the user and None. It will be called multiple times (once per object), but the object ist always None.
I am using rules 2.0.0 with django 2.1.1 and python 3.7.
Any ideas if I'm doing something wrong or how to configure django to call the predicate with the individual object?
add_book
is the permission to add a book, not to "save" the book. I think you should handle this in the form (or even in the form just "inject" the user, such that he/she can simply never add other data).ObjectPermissionsModelAdmin
andadd_perm
with predicate? Take a look also on github.com/dfunckt/django-rules/blob/v2.0.0/tests/testapp/… Try to compare your code with that from the repo.