HiPhone_BE/core/permissions.py
2023-05-17 16:51:42 +09:00

21 lines
592 B
Python

from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsAuthorOrReadOnly(BasePermission):
def has_object_permission(self, request, view, obj):
return bool(
request.method in SAFE_METHODS
or request.user
and request.user.is_authenticated
and obj.author == request.user
)
class IsAdminUserOrReadOnly(BasePermission):
def has_permission(self, request, view):
return bool(
request.method in SAFE_METHODS
or request.user
and request.user.is_staff
)