How to correctly use asymmetric mixed permissions? #190

@braiam

For business reasons, I want to use a single user.has_perm() for checking if a user has any of the multiple permissions/conditions combination that could apply. To borrow from the book example, let's say that editors, instead of being able to edit any book, can only edit books that have been assigned to them. This could be expressed with this:

import rules

@rules.predicate
def is_book_assigned_editor(user, book):
    # object-level check: only the editor assigned to this book may edit it
    return book.assigned_editor == user

But since there are multiple users that have different levels of permissions, the assigned editor has to have a condition to be able to be assigned a book, so I wrote it like this:

import rules

@rules.predicate
def is_book_assigned_editor(user, book):
    # gate on the model-level permission first; has_perm takes a single
    # permission name (has_perms expects a list and would iterate a string
    # character by character, so it would always fail here)
    if not user.has_perm("books.edit_book"):
        return False
    return book.assigned_editor == user

The book author stays the same.

If I want to create a permission that coalesces both, then:

rules.add_perm('books.change_book', is_book_author | is_book_assigned_editor)

And is checked using:

user.has_perm('books.change_book', guidetodjango)

In the case of class based views:

class BookEdit(PermissionRequiredMixin, SingleObjectMixin, View):
    permission_required = 'books.change_book'
    model = Book  # get_object() supplies the Book passed as obj to has_perm

or

from django.views import View
from rules.contrib.views import PermissionRequiredMixin

class BookEdit(PermissionRequiredMixin, View):
    permission_required = 'books.change_book'

    def get_object(self):
        # the object returned here is what the predicates receive as `book`
        return self.book

The reason why I'm asking this is because I want to avoid groups being assigned the "combined" rule permission, if I declare the permissions on the model like this:

from rules.contrib.models import RulesModel

class Book(RulesModel):
    class Meta:
        # rules_permissions maps an action name to a predicate; each entry
        # needs a predicate value for rules to build "books.<action>_book"
        rules_permissions = {
            "edit_book",
            "change": is_book_author | is_book_assigned_editor,
            ...
        }

As usual, that creates an entry in the auth_permissions table.
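An added example (not the issue author's code and not django-rules itself) that walks the combined permission through with constructed users: it uses a small stand-in for rules.predicate, rules.add_perm and user.has_perm so it runs without Django, and also shows why has_perms with a bare string never grants anything.

```python
from dataclasses import dataclass, field
from typing import Optional

# Minimal stand-in for rules.predicate / rules.add_perm / user.has_perm (an
# assumption, so the example runs without Django or django-rules installed);
# as in django-rules, a permission name maps to a predicate evaluated in code.
class Predicate:
    def __init__(self, fn):
        self.fn = fn
    def __call__(self, user, obj=None):
        return bool(self.fn(user, obj))
    def __or__(self, other):
        return Predicate(lambda u, o: self(u, o) or other(u, o))

PERMS = {}  # permission name -> Predicate (the library's default rule set)
def add_perm(name, pred):
    PERMS[name] = pred

def has_perm(user, name, obj=None):
    """Django-style check for one permission name; unknown names fail closed."""
    pred = PERMS.get(name)
    return pred is not None and pred(user, obj)

def has_perms(user, perm_list, obj=None):
    """Django's has_perms iterates perm_list, so a bare string is checked
    character by character ("b", "o", ...) and always fails."""
    return all(has_perm(user, p, obj) for p in perm_list)

@dataclass
class User:  # constructed sample data, not Django models
    name: str
    role_perms: set = field(default_factory=set)  # what a group grants

@dataclass
class Book:
    author: User
    assigned_editor: Optional[User] = None

# model-level permission granted by the user's role, not by the object
add_perm("books.edit_book", Predicate(lambda u, o: "books.edit_book" in u.role_perms))
is_book_author = Predicate(lambda u, book: book is not None and book.author == u)
is_book_assigned_editor = Predicate(  # gate on the role, then on the assignment
    lambda u, book: has_perm(u, "books.edit_book")
    and book is not None and book.assigned_editor == u)
add_perm("books.change_book", is_book_author | is_book_assigned_editor)

def who_can_change(book, users):
    """Names of the users allowed to change `book` under books.change_book."""
    return [u.name for u in users if has_perm(u, "books.change_book", book)]
```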
