Untitled

from rest_framework.permissions import SAFE_METHODS, BasePermission


class IsAuthorized(BasePermission):

    def has_object_permission(self, request, view, obj):
        if request.method in SAFE_METHODS:
            return True
        if request.user.is_authenticated == False:
            return False
        if request.method == 'POST':
            return True
        if request.method in ['PATCH', 'DELETE']:
            return request.user.role in ['admin', 'moderator']
        return True