I want to restrict update of a record to the record owner in an
UpdateAPIView with Django REST, but I don't know how to code the method.
For example, something like this:
from rest_framework import generics
from testapp.serializers import UserProfileSerializer
from rest_framework.renderers import JSONRenderer
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import permissions
from oauth2_provider.ext.rest_framework import TokenHasReadWriteScope
class UserProfileView(generics.UpdateAPIView):
permission_classes = [permissions.IsAuthenticated,
TokenHasReadWriteScope]
serializer_class = UserProfileSerializer
queryset = UserProfile.objects.all()
# patch method?
# if UserProfile user != self.request.user:
# raise exceptions.PermissionDenied
# else:
# continue as normal
Where "user" is a field on the UserProfile model.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/61d98fdd-c40d-4ec4-9914-9e505ecc8f54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
