Add IsAuthorOrReadOnly permission
This commit is contained in:
parent
2f3184d923
commit
950bb735e7
11
core/permissions.py
Normal file
11
core/permissions.py
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
from rest_framework.permissions import BasePermission, SAFE_METHODS
|
||||||
|
|
||||||
|
|
||||||
|
class IsAuthorOrReadOnly(BasePermission):
|
||||||
|
def has_object_permission(self, request, view, obj):
|
||||||
|
return bool(
|
||||||
|
request.method in SAFE_METHODS
|
||||||
|
or request.user
|
||||||
|
and request.user.is_authenticated
|
||||||
|
and obj.author == request.user
|
||||||
|
)
|
Loading…
Reference in New Issue
Block a user