The permission decorator / mixin seems to only return True/False. I would like to pass object filter to limit what records a user can view in ViewList class. For example, in the case of doctor users, each doctor can only views patients.objects.filter(doctor==request.user)

@has_permission_decorator('view_patient_list')
def view_patients(request, filter=None, *args, **kwargs):
    return patients.objects.filter(**filter)

Should I create a second decorator after @has_permission_decorator to accomplish that?

Thanks!

Hi @privateuly, could you develop this further? I'm not sure i understand your question

Hi @filipeximenes, sorry I wasn't clear. Please bear with me as I am new to the django permissioning concept.

My understanding of this django-role-permissions is that it is used to restrict access to CRUD actions on a per object basis. How about ListView? I would like to restrict (ie. filter) list access depending on some logic. For instance, a doctor can only pull up a list of clients that are associated to him/her. Is this within the scope of this library, or do I need to create something extra?

Can I also verify that the built-in decorators and mix-ins don't work for object permissioning and we'll need to create our own using the has_object_permission()?

Thanks again for the library!

I found what a discussion of what I was looking for here dfunckt/django-rules#40. It's clear to me now that what I have in mind is outside the scope of this project, so I am just going to close this issue. Thanks again!