lib/api/permissions.py

from rest_framework import permissions


class IsAuthorOrReadOnly(permissions.BasePermission):

    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request
        if request.method in permissions.SAFE_METHODS:
            return True

        return obj.author == request.user or request.user.is_superuser
added first public views - no check for access rights at the moment 2024-07-12 17:22:17 +02:00			`from rest_framework import permissions`


			`class IsAuthorOrReadOnly(permissions.BasePermission):`

			`def has_object_permission(self, request, view, obj):`
			`# Read permissions are allowed to any request`
			`if request.method in permissions.SAFE_METHODS:`
			`return True`

			`return obj.author == request.user or request.user.is_superuser`