rest_framework.permissions.BasePermission class is the base class from which all customized permission classes should inherit to work with the Django REST framework. We want to make sure that only a drone owner can update or delete an existing drone.
Go to the
restful01/drones folder and create a new file named
custompermission.py. Write the following code in this new file. The following lines show the code for this file that declares the new
IsCurrentUserOwnerOrReadOnly class declared as a subclass of the
BasePermission class. The code file for the sample is included in the
hillar_django_restful_08_01 folder in the
from rest_framework import permissions class IsCurrentUserOwnerOrReadOnly(permissions.BasePermission): def has_object_permission(self, request, view, obj): if request.method in permissions.SAFE_METHODS: # The method is a safe method...