django-rest-delegated-permissions

Delegate django rest framework object permissions to an object pointed by foreign key/m2m

Sample: set up permissions so that anyone having django/django guardian permissions on Invoice will have the same set of permissions on its address:

class Address(models.Model):
    ... address fields

class Invoice(models.Model):
    address = models.OneToOneField(Address, related_name='invoice')
    ... invoice fields

-------------

perms = RestPermissions()

@perms.apply(permissions=DelegatedPermissions(perms, "invoice")
class AddressViewSet(ModelViewSet):
    queryset = Address.objects.all()
    serializer = AddressSerializer
    ...

@perms.apply()            # implicitely adds django model permissions and guardian permissions
class InvoiceViewSet(ModelViewSet):
    queryset = Invoice.objects.all()
    serializer = InvoiceSerializer
    ...

See docs and API at http://django-rest-delegated-permissions.readthedocs.io/en/latest/