From 950bb735e798fa7e077b33540aef3f7c74c526e9 Mon Sep 17 00:00:00 2001 From: jhyns Date: Wed, 3 May 2023 13:14:54 +0900 Subject: [PATCH] Add IsAuthorOrReadOnly permission --- core/permissions.py | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 core/permissions.py diff --git a/core/permissions.py b/core/permissions.py new file mode 100644 index 0000000..7e6f4e5 --- /dev/null +++ b/core/permissions.py @@ -0,0 +1,11 @@ +from rest_framework.permissions import BasePermission, SAFE_METHODS + + +class IsAuthorOrReadOnly(BasePermission): + def has_object_permission(self, request, view, obj): + return bool( + request.method in SAFE_METHODS + or request.user + and request.user.is_authenticated + and obj.author == request.user + )