Implementing Object Level Permissions

[moluwole]

Feature Request Type

• Core functionality
• Alteration (enhancement/optimization) of existing feature(s)
• New behavior

Description

Is there a way to implement Object Level Permissions? Something similar to what we have on Django Rest Framework. This would enable us to determine if a user has access to a particular object or model instance

This would be a great help in a multi-tenancy system where some users would have the same permissions but would only be able to access certain model objects

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

[thclark]

This is already completely possible.

Aside: Django rest framework doesn't have object-level permissions out of the box, it usually uses django's permissions framework, to which you can add django-guardian in order to add object-level permissions.

It's the same with strawberry, it integrates with django-guardian to achieve this, and if you search for guardian in the django strawberry docs you'll find it there.

[moluwole]

Thanks for the clarification. I've not used django-guardian in the past.
I'll take a look at it

Aside: https://www.django-rest-framework.org/api-guide/permissions/#object-level-permissions. Django Rest Framework does have Object Level Permissions out of the box although it comes with it's own limitations