Permission pk field useless #44

Open
@sean-dooher

Currently when making custom permissions, the "pk" field is useless as there is no way to actually retrieve the instance of the object you are checking against as the BasePermission class has no reference to a model type.

I ran into this issue when trying to write the following permission class to see if a user owns a model:

class IsOwner(BasePermission):
    def has_permission(self, user, action, pk):
        try:
            # have to hard code Job here because BasePermission has no reference to the Model it is checking
            job = Job.objects.get(pk=pk) 
        except Job.DoesNotExist:
            return False

        if action == "SUBSCRIBE":
            return user == job.owner
        return False

While this works for the Job model, I want to make this more general as I have other models with Owner that I want to use the same permission on. As I see it now, there's no way to generically use this field to do anything at all.

I think this was just a design oversight and I figure this can be solved pretty easily through just passing a reference to the Model of the binding to the permission class upon construction that can then be accessed from the has_permission method. I'll submit a PR with a fix once I have a chance.
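
A sketch of the change proposed above, added here as an example; it is not the project's code or the author's PR. The `model` constructor argument on `BasePermission` is hypothetical, and `Model` and `Manager` are constructed in-memory stand-ins for Django's ORM so the block runs without Django.

```python
class Manager:
    """Constructed in-memory stand-in for a Django model manager."""
    def __init__(self, model):
        self.model, self.rows = model, {}

    def get(self, pk):
        if pk not in self.rows:
            raise self.model.DoesNotExist(pk)
        return self.rows[pk]

class Model:
    """Constructed stand-in for an owned Django model (not the real ORM)."""
    class DoesNotExist(Exception):
        pass

    def __init_subclass__(cls, **kwargs):
        super().__init_subclass__(**kwargs)
        cls.objects = Manager(cls)  # one table per model class

    def __init__(self, pk, owner):
        self.pk, self.owner = pk, owner
        self.objects.rows[pk] = self

class BasePermission:
    """Hypothetical variant: the binding passes its model at construction."""
    def __init__(self, model):
        self.model = model

    def has_permission(self, user, action, pk):
        return False  # deny unless a subclass grants access

class IsOwner(BasePermission):
    def has_permission(self, user, action, pk):
        # Only SUBSCRIBE is granted, and an anonymous user never owns anything.
        if action != "SUBSCRIBE" or user is None:
            return False
        try:
            obj = self.model.objects.get(pk=pk)  # no hard-coded model
        except self.model.DoesNotExist:
            return False  # unknown pk fails closed
        return obj.owner == user

# Constructed sample data: two unrelated models sharing one permission class.
class Job(Model): pass
class Report(Model): pass

Job(pk=1, owner="alice")
Report(pk=1, owner="bob")
```

Because the lookup goes through `self.model`, the same pk resolves to a different object per binding: `IsOwner(Job)` and `IsOwner(Report)` give different answers for pk 1.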
