diff --git a/core/permissions.py b/core/permissions.py new file mode 100644 index 0000000..7e6f4e5 --- /dev/null +++ b/core/permissions.py @@ -0,0 +1,11 @@ +from rest_framework.permissions import BasePermission, SAFE_METHODS + + +class IsAuthorOrReadOnly(BasePermission): + def has_object_permission(self, request, view, obj): + return bool( + request.method in SAFE_METHODS + or request.user + and request.user.is_authenticated + and obj.author == request.user + )