How to combine AND and OR in DRF permission_classes decorator?
Before executing a view I would like to verify multiple permissions within the permission_classes
decorator, by checking permissions with AND and OR operators. My problem is that IsUserInstance
isn't checked in the example below, and when I replace & by and, then both permissions in the
parentheses are not checked.
What is the best way to do that? Or, alternatively, how can I create a new permission that checks
IsIndividual and IsUserInstance?
views.py
@permission_classes([IsSuperUser | IsManager | (IsIndividual & IsUserInstance)])
class IndividualDetailsView(RetrieveAPIView):
    serializer_class = IndividualSerializer
    lookup_url_kwarg = "pk"

    def get_object(self):
        pk = self.kwargs.get(self.lookup_url_kwarg)
        return Individual.objects.get(pk=pk)
permissions.py
class IsIndividual(permissions.BasePermission):
    def has_permission(self, request, view):
        return Individual.objects.filter(pk=request.user.pk).exists()

class IsUserInstance(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        return obj == request.user
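
Why the object-level check never fires, as an added example that is not part of the original post: a simplified pure-Python model of DRF-style permission composition (instances instead of classes, plain dicts instead of requests). It shows that IsUserInstance is only consulted in the object-level phase, which an overridden get_object() skips unless it calls check_object_permissions(). HasRole, retrieve, check_object and USERS are hypothetical names introduced for the illustration.

```python
class BasePermission:  # simplified stand-in for DRF's class of the same name, not DRF source
    def has_permission(self, user):               # view-level default: allow
        return True
    def has_object_permission(self, user, obj):   # object-level default: allow
        return True
    def __and__(self, other):
        return And(self, other)
    def __or__(self, other):
        return Or(self, other)

class And(BasePermission):
    def __init__(self, a, b):
        self.a, self.b = a, b
    def has_permission(self, user):
        return self.a.has_permission(user) and self.b.has_permission(user)
    def has_object_permission(self, user, obj):
        return self.a.has_object_permission(user, obj) and self.b.has_object_permission(user, obj)

class Or(And):  # reuses __init__; a branch counts only if it also passed at view level
    def has_permission(self, user):
        return self.a.has_permission(user) or self.b.has_permission(user)
    def has_object_permission(self, user, obj):
        return any(p.has_permission(user) and p.has_object_permission(user, obj)
                   for p in (self.a, self.b))

class HasRole(BasePermission):  # hypothetical stand-in for IsSuperUser/IsManager/IsIndividual
    def __init__(self, role):
        self.role = role
    def has_permission(self, user):
        return user["role"] == self.role

class IsUserInstance(BasePermission):  # object-level only, as in the question
    def has_object_permission(self, user, obj):
        return obj == user

POLICY = HasRole("superuser") | HasRole("manager") | (HasRole("individual") & IsUserInstance())
# Constructed sample data: each record is the user it belongs to.
USERS = {1: {"pk": 1, "role": "individual"}, 2: {"pk": 2, "role": "individual"},
         3: {"pk": 3, "role": "superuser"}, 4: {"pk": 4, "role": "guest"}}

def retrieve(user, pk, check_object):
    """Return the record, or None when the policy denies the request."""
    if not POLICY.has_permission(user):   # phase 1: always runs before the view
        return None
    obj = USERS[pk]                       # what the overridden get_object() does
    # Phase 2 only runs when get_object() calls check_object_permissions().
    if check_object and not POLICY.has_object_permission(user, obj):
        return None
    return obj
```

In DRF itself, the equivalent of check_object=True is calling self.check_object_permissions(self.request, obj) inside the overridden get_object() before returning obj.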