ReversePermissionPolicy¶

class django_admin_reversefields.mixins.ReversePermissionPolicy(*args, **kwargs)[source]¶

Bases: Protocol

Protocol for checking reverse relation modification permissions.

Policies may be provided as callable objects or as objects exposing a has_perm method. The mixin calls has_perm if present before falling back to calling the object itself, so implementations can opt into either style. Policy objects may provide permission_denied_message to customise validation errors.

Example:

class StaffOnlyPolicy:
    permission_denied_message = "Staff access required"

    def __call__(self, request, obj, config, selection):
        return getattr(request.user, "is_staff", False)

permission_denied_message: str | None = None¶

Optional error message to display on the field when permission checks fail during form validation.

This message will be shown to users when __call__ returns False, helping them understand why they cannot modify the reverse relation.