Django allows you to give users and groups of users custom permissions on objects (and django-guardian adds some nice ways of using this). There are various ways of putting users into hierarchies. What I'd like to do is add two types of hierarchies to the permissions themselves. For example if someone has a given permission on a Book object, I want them to implicitly have that permission on each Page object. Also, if someone has an change permission on a Page, I want them to implicitly have the view permission on that Page.
In sum, I want page.has_permission('view', user) to check both page.has_permission('*edit*', user) and page *.book* .has_permission('view', user), and for book.has_permission('view', user) to itself check book.has_permission('*edit*', user). (Asterisks just for emphasis.)
I don't need anything as complex as django-rules, and I prefer the generic foreign key approach as I will not have large numbers and it keeps the model structure clean and focused. I'd like to avoid repeating the logic for these permission relationships in views, or cluttering models, and I'd ideally keep this permission structure centralized somewhere, ideally declaratively. For example
perm_hierarchy = {'view': ['edit', 'delete', ]}
model_perm_hierarchy = { Page : [Chapter, ],
Chapter : [Book, ]}
Then a layer that when checking for 'view' on Page checks for 'edit' and 'delete' permissions on that Page object.
And similarly when checking Page for a permission, checks Chapter for the same permission (if that same named permission is defined for Chapter).
Very happy to be told I'm thinking about this wrong.
