Re: DRF Tutorial Object Level Permissions

Tue, 09 Jan 2018 23:25:10 -0800 

Hi

You should rename « permissions_classes » into « permission_classes »  (note it 
is one letter shorter).

Regads,
Xavier,
Linovia.

> Le 10 janv. 2018 à 07:48, Craig Wilson <craig.wilson...@gmail.com> a écrit :
> 
> I'm working through the DRF tutorial and everything has been working fine up 
> until topic Object Level Permission. I have modified my project according to 
> the tutorial but I'm still able to delete and edit records related to other 
> users.
> 
> I created permissions.py file:
> 
> from rest_framework import permissions
> 
> 
> class IsOwnerOrReadOnly(permissions.BasePermission):
>     """
>     Custom permission to only allow owners of an object to edit it.
>     """
>     def has_object_permission(self, request, view, obj):
>         # Read permissions are allowed to any request,
>         # so we'll always allow GET, HEAD or OPTIONS requests.
>         if request.method in permissions.SAFE_METHODS:
>             return True
> 
>         # Write permissions are only allowed to the owner of the snippet.
>         return obj.owner == request.user
> 
> and modified SnippetDetail view:
> 
> 
> class SnippetDetail(generics.RetrieveUpdateDestroyAPIView):
>     """
>     Retrieve update or delete a code snippet
>     """
>     permissions_classes = (permissions.IsAuthenticatedOrReadOnly, 
> IsOwnerOrReadOnly,)
>     queryset = Snippet.objects.all()
>     serializer_class = SnippetSerializer
> 
> Where am I going wrong?
> 
> --
> You received this message because you are subscribed to the Google Groups 
> "Django REST framework" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-rest-framework+unsubscr...@googlegroups.com 
> <mailto:django-rest-framework+unsubscr...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout 
> <https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Attachment: signature.asc
Description: Message signed with OpenPGP

Reply via email to