在Django Rest框架中限制Company对象内的用户管理角色

from django.db import models
from django.contrib.auth.models import User

class Company(models.Model):
    name = models.CharField(max_length=100)
    users = models.ManyToManyField(User, related_name='companies')

from rest_framework import permissions

class IsCompanyAdmin(permissions.BasePermission):
    """
    Custom permission to only allow users who are admins of the company.
    """

    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the admin of the company.
        return obj.users.filter(id=request.user.id, is_admin=True).exists()

from rest_framework import viewsets
from .models import Company
from .serializers import CompanySerializer
from .permissions import IsCompanyAdmin

class CompanyViewSet(viewsets.ModelViewSet):
    queryset = Company.objects.all()
    serializer_class = CompanySerializer
    permission_classes = [IsCompanyAdmin]

from django.contrib.auth.models import AbstractUser

class CustomUser(AbstractUser):
    is_admin = models.BooleanField(default=False)