Add IsAuthorOrReadOnly permission

This commit is contained in:
jhyns 2023-05-03 13:14:54 +09:00
parent 2f3184d923
commit 950bb735e7

11
core/permissions.py Normal file
View File

@ -0,0 +1,11 @@
from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsAuthorOrReadOnly(BasePermission):
def has_object_permission(self, request, view, obj):
return bool(
request.method in SAFE_METHODS
or request.user
and request.user.is_authenticated
and obj.author == request.user
)