v1/common/permissions.py
#!/usr/bin/env python
# encoding: utf-8
from rest_framework import permissions
class IsOwnerOrReadOnly(permissions.BasePermission):
"""
Custom permission to only allow owners
of an object and admins to edit it.
"""
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS:
return True
# Write permissions are only allowed to the owner of the recipe.
return obj.recipe.author == request.user
class IsAdminOrReadOnly(permissions.BasePermission):
"""
Custom permission to only allow admins to edit.
"""
def has_permission(self, request, view):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS:
return True
# Write permissions are only allowed to admin users.
return request.user and request.user.is_staff