Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from rest_framework.permissions import SAFE_METHODS, BasePermission
- class IsAuthorized(BasePermission):
- def has_object_permission(self, request, view, obj):
- if request.method in SAFE_METHODS:
- return True
- if request.user.is_authenticated == False:
- return False
- if request.method == 'POST':
- return True
- if request.method in ['PATCH', 'DELETE']:
- return request.user.role in ['admin', 'moderator']
- return True
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement