In this section, we'll create a permission class that the Django REST framework will use to check whether a user may perform an operation on a MailingList or Subscriber. This will perform a very similar role to the UserCanUseMailingList mixin we created in Chapter 10, Starting Mail Ape.
Let's create our CanUseMailingList class in django/mailinglist/permissions.py:

from rest_framework.permissions import BasePermission

from mailinglist.models import Subscriber, MailingList


class CanUseMailingList(BasePermission):
    message = 'User does not have access to this resource.'

    def has_object_permission(self, request, view, obj):
        user = request.user
        # A Subscriber is authorized through the mailing list it belongs to.
        if isinstance(obj, Subscriber):
            return obj.mailing_list.user_can_use_mailing_list(user)
        elif isinstance(obj, MailingList):
            return obj.user_can_use_mailing_list(user)
        # Any other object type is denied.
        return False

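The Django REST framework runs has_object_permission() only when a view calls get_object(), and BasePermission.has_permission() returns True by default, so a list endpoint is not restricted by this class alone. The following is an added example, not code from the book, that models both paths without Django or DRF installed. The BasePermission, MailingList and Subscriber stand-ins, the owner field, and the retrieve() and list_names() helpers are assumptions made for illustration.

```python
# Added example: stand-ins so this runs without Django or DRF installed.
from dataclasses import dataclass
from types import SimpleNamespace

class BasePermission:
    """Stand-in for DRF's BasePermission: both hooks allow by default."""
    def has_permission(self, request, view):
        return True
    def has_object_permission(self, request, view, obj):
        return True

@dataclass
class MailingList:  # stand-in model; the `owner` field is an assumption
    name: str
    owner: str
    def user_can_use_mailing_list(self, user):
        return user == self.owner

@dataclass
class Subscriber:  # stand-in model
    email: str
    mailing_list: MailingList

class CanUseMailingList(BasePermission):  # same checks as the class above
    def has_object_permission(self, request, view, obj):
        if isinstance(obj, Subscriber):
            return obj.mailing_list.user_can_use_mailing_list(request.user)
        elif isinstance(obj, MailingList):
            return obj.user_can_use_mailing_list(request.user)
        return False

PERM = CanUseMailingList()
# Constructed sample data.
ALICE_LIST = MailingList("alice-news", owner="alice")
BOB_LIST = MailingList("bob-news", owner="bob")

def retrieve(user, obj):
    """Detail-style access: DRF runs both hooks once the view calls get_object()."""
    request = SimpleNamespace(user=user)
    return PERM.has_permission(request, None) and PERM.has_object_permission(request, None, obj)

def list_names(user, lists, filter_by_owner):
    """List-style access: only has_permission() runs, so rows need an explicit filter."""
    request = SimpleNamespace(user=user)
    if not PERM.has_permission(request, None):
        return []
    return [ml.name for ml in lists
            if not filter_by_owner or ml.user_can_use_mailing_list(user)]
```

In a real view, the explicit filter corresponds to restricting the queryset to the requesting user's objects, and pairing this class with an authentication check covers the has_permission() default.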
Let's take a closer look at some of the new elements introduced in our CanUseMailingList class:
BasePermission...