Advanced Setup

models.py:

from django.contrib.auth.models import AbstractUser
from django.db import models
from rules.contrib.models import RulesModel

from iam.models import UserProfileModel
from iam.predicates import is_owner
from iam.registry import register_role
from .rules import is_author, is_super_author


@register_role
class AuthorProfile(UserProfileModel):
    is_super_author = models.BooleanField(default=False)


class BlogPost(RulesModel):
    owner = models.ForeignKey(AuthorProfile, models.PROTECT, 'blogs')

    class Meta:
        rules_permissions = {
            'add': is_author,
            'view': is_super_author | is_author,
            'change': is_super_author | (is_author & is_owner),
            'delete': is_super_author,
        }

rules.py:

import rules

from iam.utils import lazy_get_predicate

rules.add_perm('blog', rules.is_staff)

is_author = lazy_get_predicate('blog.AuthorProfile')
is_super_author = lazy_get_predicate('blog.AuthorProfile', lambda p: p.is_super_author)