Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-07-21 05:49:37 +02:00
Code Issues Releases Activity

permisison fixes

Browse source
This commit is contained in:
Sean Morley 2024-07-09 16:48:52 -04:00
parent d64abf2273
commit 67619aec57
8 changed files with 112 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

15
backend/server/adventures/permissions.py
View file

@ -12,4 +12,19 @@ class IsOwnerOrReadOnly(permissions.BasePermission):
return True
# Write permissions are only allowed to the owner of the object.
return obj.user_id == request.user
class IsPublicReadOnly(permissions.BasePermission):
"""
Custom permission to only allow read-only access to public objects,
and write access to the owner of the object.
"""
def has_object_permission(self, request, view, obj):
# Read permissions are allowed if the object is public
if request.method in permissions.SAFE_METHODS:
return obj.is_public or obj.user_id == request.user
# Write permissions are only allowed to the owner of the object
return obj.user_id == request.user