Allow boolean operations between authorization items

[taion]

For combining authorization, in many cases it would be simpler to do something like:

class WidgetView(GenericModelView):
    authorization = WidgetAuthorization() | AdminAuthorization()

Instead of having to define a new authorization class that combines the two in a less declarative manner.

Inspired by the permission_classes functionality in DRF.

[sloria]

I like the idea.

Out of the box, DRF just runs permission_classes serially, but there are 3rd-party packages that allow you to compose permissions, e.g. https://github.com/caxap/rest_condition .

EDIT: Ah, looks like DRF does support composable permissions in recent releases.

[sloria]

Tangentially related: it might be nice have a way to combine other objects like Filtering. This could be useful for mixins and base classes.

class MyEntityMixin:
    filtering = Filtering(id=operator.eq, ..)

class WidgetView(MyEntityMixin, GenericModelView):
    filtering = MyEntityMixin.filtering | Filtering(factory_id=operator.eq)