Passing the view's request or extra arguments to a predicate.
suspiciousRaccoon opened this issue · comments
I've looked a bit at the source code and predicates don't seem to support this.
In my use case I need to query the database to see if the user has permissions to do something in a Role table, but a user may have multiple, differing roles. I can handle this in delete / update / view permissions by modifying the get_queryset()
method and thus the self.get_object()
method and adding additional filtering from the request there, but I am not able to do this for CreateView
s since PermissionRequiredMixin
returns None
when it is a CreateView.
A solution for this is using django's UserPassesTestMixin
, but at that point it doesn't make much sense to use django-rules.
It would be great to have the option of passing additional arguments or the view to predicates.
For comparison, django-rest passes both the view and the request to the method that handles the checking:
from rest_framework import permissions
class BlocklistPermission(permissions.BasePermission):
"""
Global permission check for blocked IPs.
"""
def has_permission(self, request, view):
ip_addr = request.META['REMOTE_ADDR']
blocked = Blocklist.objects.filter(ip_addr=ip_addr).exists()
return not blocked