I want to restrict update of a record to the record owner in an UpdateAPIView with Django REST, but I don't know how to code the method.
For example, something like this: from rest_framework import generics from testapp.serializers import UserProfileSerializer from rest_framework.renderers import JSONRenderer from rest_framework.response import Response from rest_framework.views import APIView from rest_framework import permissions from oauth2_provider.ext.rest_framework import TokenHasReadWriteScope class UserProfileView(generics.UpdateAPIView): permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope] serializer_class = UserProfileSerializer queryset = UserProfile.objects.all() # patch method? # if UserProfile user != self.request.user: # raise exceptions.PermissionDenied # else: # continue as normal Where "user" is a field on the UserProfile model. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/61d98fdd-c40d-4ec4-9914-9e505ecc8f54%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.