segnalibre-backend/segnalibre_app/permissions.py

from rest_framework import permissions

class isOwner(permissions.BasePermission):
     def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the owner of the snippet.
        return obj.owner == request.user
First sprint 2019-11-23 01:36:02 +01:00			`from rest_framework import permissions`

			`class isOwner(permissions.BasePermission):`
			`def has_object_permission(self, request, view, obj):`
			`# Read permissions are allowed to any request,`
			`# so we'll always allow GET, HEAD or OPTIONS requests.`
			`if request.method in permissions.SAFE_METHODS:`
			`return True`

			`# Write permissions are only allowed to the owner of the snippet.`
			`return obj.owner == request.user`