Saturday, July 4, 2015

How to restrict update of a record to the record owner in Django REST?

I want to restrict update of a record to the record owner in an UpdateAPIView with Django REST, but I don't know how to code the method.

For example, something like this:

from rest_framework import generics
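from testapp.serializers import UserProfileSerializer
from testapp.models import UserProfile  # assumed module path; the post does not show where the model lives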
from rest_framework.renderers import JSONRenderer
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import permissions
from oauth2_provider.ext.rest_framework import TokenHasReadWriteScope

class UserProfileView(generics.UpdateAPIView):
    permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
    serializer_class = UserProfileSerializer
    queryset = UserProfile.objects.all()
    # patch method?
    # if UserProfile user != self.request.user:
    #     raise exceptions.PermissionDenied
    # else:
    #     continue as normal

Where "user" is a field on the UserProfile model.
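
One way to enforce the ownership rule asked about above is a Django REST framework object-level permission class. This is an added example, not part of the original post: `IsProfileOwner` and `may_update` are hypothetical names, the users and profile are constructed stand-ins, and the `BasePermission` fallback exists only so the block runs where DRF is not installed.

```python
from types import SimpleNamespace

try:
    from rest_framework.permissions import BasePermission
except ImportError:
    # Stand-in exposing the same two hooks, so the example runs without DRF.
    class BasePermission:
        def has_permission(self, request, view):
            return True

        def has_object_permission(self, request, view, obj):
            return True


class IsProfileOwner(BasePermission):
    """Allow access only to the user stored in the object's `user` field."""

    def has_permission(self, request, view):
        # Request-level gate, evaluated before any object is loaded.
        user = getattr(request, "user", None)
        return bool(user and user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        # Object-level gate: generic views call this from get_object().
        return obj.user == request.user


# Wiring for the view in the question (needs a configured Django project):
#   permission_classes = [permissions.IsAuthenticated,
#                         TokenHasReadWriteScope, IsProfileOwner]


def may_update(request, obj, checks=(IsProfileOwner(),)):
    """Hypothetical helper: apply the checks in the order DRF does."""
    return (all(c.has_permission(request, None) for c in checks)
            and all(c.has_object_permission(request, None, obj) for c in checks))


# Constructed stand-ins for two users, an anonymous caller and one profile.
alice = SimpleNamespace(pk=1, is_authenticated=True)
bob = SimpleNamespace(pk=2, is_authenticated=True)
anonymous = SimpleNamespace(pk=None, is_authenticated=False)
alice_profile = SimpleNamespace(user=alice)

if __name__ == "__main__":
    for caller in (alice, bob, anonymous):
        print(caller.pk, may_update(SimpleNamespace(user=caller), alice_profile))
```

A view that overrides `get_object()` or is built directly on `APIView` has to call `self.check_object_permissions(request, obj)` itself; otherwise `has_object_permission` never runs and any authenticated user can update any profile.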
