2023-05-03 13:14:54 +09:00
|
|
|
from rest_framework.permissions import BasePermission, SAFE_METHODS
|
|
|
|
|
|
|
|
|
|
|
|
class IsAuthorOrReadOnly(BasePermission):
|
|
|
|
def has_object_permission(self, request, view, obj):
|
|
|
|
return bool(
|
|
|
|
request.method in SAFE_METHODS
|
|
|
|
or request.user
|
|
|
|
and request.user.is_authenticated
|
|
|
|
and obj.author == request.user
|
|
|
|
)
|
2023-05-17 16:10:25 +09:00
|
|
|
|
|
|
|
|
|
|
|
class IsAdminUserOrReadOnly(BasePermission):
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
return bool(
|
|
|
|
request.method in SAFE_METHODS
|
|
|
|
or request.user
|
|
|
|
and request.user.is_staff
|
|
|
|
)
|