class SessionCsrfExemptAuthentication(SessionAuthentication):
    """Session authentication with the CSRF check turned off.

    ``enforce_csrf`` is overridden with a no-op, so a request carrying a
    valid session cookie is authenticated without a CSRF token.

    NOTE(review): with this class, any state-changing method (POST, PUT,
    PATCH, DELETE) on a view that relies on the browser's session cookie has
    no CSRF protection. Confirm that every view using it is either read-only
    or protected some other way; otherwise use the stock
    SessionAuthentication and have the client send the CSRF token.
    """

    def enforce_csrf(self, request):
        """Skip CSRF validation for *request*; always returns ``None``."""
        # Deliberate no-op: overriding this method removes the CSRF check.
        return None
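class IsAuthenticatedAndOwner(permissions.BasePermission):
    """Allow access only to an authenticated user who created the object.

    ``has_permission`` is the view-level gate (authenticated users only).
    ``has_object_permission`` is the object-level gate (``obj.creator`` must
    be the requesting user).

    NOTE(review): DRF runs ``has_object_permission`` only when the view calls
    ``check_object_permissions`` (generic views do this in ``get_object``).
    A function-based view that fetches the object itself must perform the
    ownership check explicitly, or this method never executes.
    """

    def has_permission(self, request, view):
        """Return True when the request comes from an authenticated user."""
        # bool() makes the result a real boolean; the bare ``and`` expression
        # could return the user object itself (e.g. None) when it is falsy.
        return bool(request.user and request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        """Return True when *obj* was created by the requesting user."""
        return obj.creator == request.user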
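# NOTE(review): PUT and DELETE change state and are authenticated by the
# session cookie, so exempting this view from CSRF validation allows a
# cross-site request to act with the user's session. Prefer DRF's stock
# SessionAuthentication (the client sends the CSRF token) or a non-cookie
# authentication scheme. The decorator is left as-is so existing clients
# keep working until that change is coordinated.
@api_view(['GET', 'PUT', 'DELETE'])
@authentication_classes([drf_perms.SessionCsrfExemptAuthentication])  # disables the CSRF check
@permission_classes([drf_perms.IsAuthenticatedAndOwner])
def book_detail(request, id):
    """Retrieve, update or delete one book that belongs to the caller.

    Args:
        request: The DRF request; ``request.user`` must be the book's creator.
        id: Primary key of the ``Book`` to operate on.

    Returns:
        GET: the serialized book.
        PUT: the updated serialized book, or the validation errors with 400.
        DELETE: an empty 204 response.
        A 403 response when the book was created by another user; a 404 is
        raised by ``get_object_or_404`` when no such book exists.
    """
    book = get_object_or_404(Book, id=id)

    # For a function-based view, @permission_classes only triggers
    # has_permission(); has_object_permission() is never invoked because
    # nothing calls check_object_permissions(). Enforce ownership here so
    # an authenticated user cannot read, modify or delete another user's
    # book by supplying its id.
    if book.creator != request.user:
        return Response(status=status.HTTP_403_FORBIDDEN)

    if request.method == 'GET':
        serializer = BookSerializer(book)
        return Response(serializer.data)

    elif request.method == 'PUT':
        serializer = BookSerializer(book, data=request.data, context={'request': request})
        if serializer.is_valid():
            serializer.save()
            return Response(serializer.data)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    elif request.method == 'DELETE':
        book.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)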