I’ll start this by saying we use none of these for object level permission – we use our own custom method and I really wish we hadn’t. If you can avoid object level permissions at all, do so, they are a pain to organise.
This is how I evaluate the 3 apps you’ve mentioned.
Active Development:
- django-guardian (1 week ago)
- django-object-permissions (1 year ago)
- django-authority (nearly 2 years ago)
API
- django-guardian (save an instance of a defined model)
- django-object-permissions (register permissions)
- django-authority (define classes)
The above are in order by the way.
I’d recommend guardian purely on API alone, but the fact that it is still being developed where the others aren’t usually means a big win.