src/servala/core/models/service.py

@@ -571,7 +571,7 @@ class ServiceInstance(ServalaModelMixin, models.Model):
         unique_together = [("name", "organization", "context")]
         rules_permissions = {
             "view": rules.is_staff | perms.is_organization_member,
-            "change": rules.is_staff | perms.is_organization_member,
+            "change": rules.is_staff | perms.is_organization_admin,
             "delete": rules.is_staff | perms.is_organization_admin,
             "add": rules.is_authenticated,
         }

src/servala/core/rules.py

@@ -13,15 +13,30 @@ def has_organization_role(user, org, roles):
 
 
 @rules.predicate
-def is_organization_owner(user, org):
+def is_organization_owner(user, obj):
+    if hasattr(obj, "organization"):
+        org = obj.organization
+    else:
+        org = obj
     return has_organization_role(user, org, ["owner"])
 
 
 @rules.predicate
-def is_organization_admin(user, org):
+def is_organization_admin(user, obj):
+    if hasattr(obj, "organization"):
+        org = obj.organization
+    else:
+        org = obj
     return has_organization_role(user, org, ["owner", "admin"])
 
 
 @rules.predicate
-def is_organization_member(user, org):
+def is_organization_member(user, obj):
+    if hasattr(obj, "organization"):
+        org = obj.organization
+    else:
+        org = obj
     return has_organization_role(user, org, None)
+
+
+rules.add_perm("core", rules.is_staff)