Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from rest_framework import permissions
- class IsAdminUserOrReadOnly(permissions.BasePermission):
- # Allow GET requests for anyone
- # but allow only admin users for other actions
- def has_permission(self, request, view):
- if request.method in permissions.SAFE_METHODS:
- return True
- return request.user and request.user.is_staff
- class IsOwnerOrAdmin(permissions.BasePermission):
- # Allow GET requests for anyone
- def has_object_permission(self, request, view, obj):
- return request.user.is_staff or obj.user == request.user
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement