Added permissions to views

2024-11-16 22:19:24 +08:00 · 2023-05-20 08:20:20 +08:00 · 2023-05-20 08:20:20 +08:00 · 7ad2654b00
commit 7ad2654b00
parent 5b296ac367
5 changed files with 18 additions and 1 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -0,0 +1,6 @@
+{
+    "[python]": {
+        "editor.defaultFormatter": "ms-python.autopep8"
+    },
+    "python.formatting.provider": "none"
+}
--- a/project/config/settings.py
+++ b/project/config/settings.py
@ -47,6 +47,7 @@ INSTALLED_APPS = [
    'corsheaders',
    'djoser',
    'accounts',
+    'permissions',
 ]

 MIDDLEWARE = [
--- a/project/notes/views.py
+++ b/project/notes/views.py
@ -2,10 +2,11 @@ from rest_framework.permissions import IsAuthenticated
 from rest_framework import viewsets, generics
 from .serializers import NoteSerializer
 from .models import Note
+from permissions.permissions import IsOwner


 class NoteViewSet(viewsets.ModelViewSet):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsOwner]
    serializer_class = NoteSerializer
    queryset = Note.objects.all()

--- a/project/permissions/init.py
+++ b/project/permissions/init.py
--- a/project/permissions/permissions.py
+++ b/project/permissions/permissions.py
@ -0,0 +1,9 @@
+from rest_framework.permissions import BasePermission
+
+class IsOwner(BasePermission):
+    """
+    Custom permission to only allow the creator of an object to view and manipulate it.
+    """
+    def has_object_permission(self, request, view, obj):
+        # Only allow the creator of the object to view and manipulate it.
+        return obj.creator == request.user