Dashbaord perms - check request on every view

[Pablo Camino Bueno]

Hello,

 

I have a multisite (django sites framework) oscar project, that uses the permission based dashboard. Each Site belongs to one Partner.

I understand that users with is_staff==True have access to all views in the dashboard. And non-staff users with the partner.dashboard_access permission set, have access to a subset of views. I can set them using the permissions_map.

As I have multiple sites, my users can log in several of them. They'd see the list views filtered, to show only the elements related to his partners. 

My scenario requieres one more thing. When the user access to a details or update view, this object must belong to one his partners. How can I achieve this? For example, by checking the request, I know if the current site belongs to a user's partner.

The problem is I can't pass the request or any other argument to the elements in the permissions_map. So, what other choices I have? I may create a mixin that overrides dispatch() and checks the request, but then I'd need to override a lot of dashboard views to inherit the mixin. Maybe a decorator that wraps the urls in app.py files? a mixin for a dashboard parent view or something at higher level?