What is the best way to have row-level authorization in django with some constraints?
I have a django app which consists of multiple different models. These models are related to each others with database relations. And somehow these relations are making a hierarchy.
For example:
Model City can have multiple Libraries
Model Library can have multiple Books
Now I can't have row-level permissions over single instances without their related instaces. its like having permission to view a certain book but not the library which it belongs to.
So the case is I want to have a way to define a permission over city for example to see all of its libraries (but not book). And maybe to have a permission to see all libraries and books.. etc...
What I though about is to have a rule-based authroization system to handle all the cases that might a rise by following a set of rules (it is somehow a smart and persisted way to do the authorization), but I was afraid that I am overwhelming and there might be a hidden package that I can use in django which solve this case efficiently.