Hello!
I have a similar requirement from my project and heres what I did.
1. First you need to create a permissions.py file which contains a class
Here is a sample code snippet.
class UpdateOwnPost(permissions.BasePermission):
"""Allow user to edit their own project"""
def has_object_permission(self, request, view, obj):
"""If method belongs to SAFE METHODS like GET or PATCH always return
True which allows the permission
if request.method in permissions.SAFE_METHODS:
return True
"""Here is when you do the filtering on your object model"""
return obj.user.id == request.user.id
2. Then on your views.py file use that permission class on the
*permission_classes* on your *Viewset*.
class PostViewSet(viewsets.ModelViewSet):
"""Post viewset"""
authentication_classes = (TokenAuthentication,)
serializer_class = serializers.ProjectSerializer
permission_classes = (
permissions.UpdateOwnPost,
IsAuthenticated,
)
Hope this helps.
On Thursday, 7 April 2022 at 20:20:31 UTC+8 phans...@gmail.com wrote:
> Hello everybody Please kindly help me out for my Django project I try to
> update the post from the specific admin but even i'm not belong to that
> post but i'm still can update that post so the point is I want to allow
> user can only update the post who belong to that post I meant who own that
> post .
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/6ed1630b-8ee3-4a44-ab76-e3b7fc12ba4bn%40googlegroups.com.
