You can add a permissions.py file to each app. This file should contain registered object permission checker functions.
my_app/permissions.py
from rolepermissions.permissions import register_object_checker
from my_project.roles import SystemAdmin
@register_object_checker()
def access_clinic(role, user, clinic):
if role == SystemAdmin:
return True
if user.clinic == clinic:
return True
return Falsewhen requested the object permission checker will receive the role of the user, the user and the object being verified and should return True if the permission is granted.
Use the has_object_permission <has-object-permission> method to check for object permissions.