Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1from rest_framework import permissions 

2 

3 

4class UserIsOwner(permissions.BasePermission): 

5 """ 

6 Object-level permission to only allow authorized users of an object to edit it. 

7 Assumes the model instance has an `user` attribute (can be overriden with user_field). 

8 """ 

9 user_field = 'user' 

10 

11 def has_object_permission(self, request, view, obj): 

12 if not hasattr(obj, self.user_field): 

13 raise Exception('UserIsOwner: obj.{} does not exist: {}'.format(self.user_field, obj)) 

14 u = request.user 

15 return u and u.is_authenticated and getattr(obj, self.user_field) == u 

16 

17 

18class IsSameUser(permissions.BasePermission): 

19 """ 

20 Allow access to use only to user himself. 

21 """ 

22 def has_object_permission(self, request, view, obj): 

23 u = request.user 

24 return u and u.is_authenticated and obj.id == u.id