django-permission | enhanced permission system which support object

I am building a quite complex Django application to be used on top of and email scanning service. The Django application is written using Python 3.5+

This application primarily uses Django Rest Framework to handle communication with the frontend in the browser.

The issue that I am currently having is that I try to implement the concept of a System Administrator, Domain Administrator and Application User

The System Administrator is basically the "normal" django superuser and is therefore capable of doing everything and see every record in the system.

The Domain Administrator is user who manages one or more email domains. I keep track of this using a Many2Many relationship between the users and the domains. The idea would then be to predefine a filter, so that the log of messages processed, will be automatically filtered to show only messages where the sender domain or the recipient domain equal a domain in the list of domains that the given user is assigned to.

The same would be true for blacklisting/whitelisting policies.

If the Domain Administrator is not assigned to any domains, then no data is shown.

The Application User is basically any authenticated user with one or more domains assigned to them, using the same Many2Many relationship as the Domain Administrator. If no domains are assigned, then no data is shown.

I have found some other solution here on Stackoverflow on making the request.user available to the QuerySet in the ModelManager, but that does not seem like the correct way to handle it.

I have looked at django-guardian, django-authority and django-permissions, but none of them seem to be affecting the QuerySet or the resulting list of objects.

Does anyone have a suggestion for Django package/addon that can be used to handle this or maybe an idea for how this could be handled?

Am using django-permission on simple test app (almost identical to the example used in the docs) to try to figure out how it works. I have read the documentation and tried to use the example app provided on this link.

The issue is when the author of an article is not able to edit/ delete the article.

The user in question has been granted all permissions in the admin section.

Key code listed below - any help much appreciated

test_app/models.py

Thanks for reading my question.

Before to ask, i was reading about my doubt:

http://djangobook.com/customizing-authentication-django/

django roles authorization architecture

Django Permissions for Different Clients

... And i'm not clear about permissions set in Django :(

I learning Django, but i want to try to build a permission set on my app. My system is about a schoool: teachers, students, management people, class room leaders.

The system's premise is: an user only must to have a rol.

Some questions about it:

1. I thinking to prepopulate role table, with general profiles: student, teacher, management... What is the better way to do it?

2. The typical restriction: a teacher is the unique profile can add, delete, view, edit your student's scores. What is the better way to do it? Should I do it through a custom system? Have u some url, code or source where can i to check it?

Excuse me my english. Thanks!