Create a new Python file named permissions.py
within the games
folder and enter the following code that, declares the new IsOwnerOrReadOnly
class. The code file for the sample is included in the restful_python_chapter_03_04
folder:
from rest_framework import permissions class IsOwnerOrReadOnly(permissions.BasePermission): def has_object_permission(self, request, view, obj): if request.method in permissions.SAFE_METHODS: return True else: return obj.owner == request.user
The rest_framework.permissions.BasePermission
class is the base class from which all permission classes should inherit. The previous lines declare the IsOwnerOrReadOnly
class as a subclass of the BasePermission
class and overrides the has_object_permission
method defined in the superclass that returns a bool
value indicating whether the permission should be granted or not. If the HTTP verb specified in...