added first public views - no check for access rights at the moment

2024-07-12 17:22:17 +02:00
parent 7d53df6ea5
commit 3640ab759d
22 changed files with 386 additions and 69 deletions
--- a/lib/api/permissions.py
+++ b/lib/api/permissions.py
@@ -0,0 +1,11 @@
+from rest_framework import permissions
+
+
+class IsAuthorOrReadOnly(permissions.BasePermission):
+
+    def has_object_permission(self, request, view, obj):
+        # Read permissions are allowed to any request
+        if request.method in permissions.SAFE_METHODS:
+            return True
+
+        return obj.author == request.user or request.user.is_superuser