chore: Add TripViewSet and TripSerializer for managing trips
This commit is contained in:
Sean Morley
15
backend/server/adventures/permissions.py
Normal file
15
backend/server/adventures/permissions.py
Normal file
@@ -0,0 +1,15 @@
|
||||
from rest_framework import permissions
|
||||
|
||||
class IsOwnerOrReadOnly(permissions.BasePermission):
|
||||
"""
|
||||
Custom permission to only allow owners of an object to edit it.
|
||||
"""
|
||||
|
||||
def has_object_permission(self, request, view, obj):
|
||||
# Read permissions are allowed to any request,
|
||||
# so we'll always allow GET, HEAD or OPTIONS requests.
|
||||
if request.method in permissions.SAFE_METHODS:
|
||||
return True
|
||||
|
||||
# Write permissions are only allowed to the owner of the object.
|
||||
return obj.user_id == request.user
|
||||
Reference in New Issue
Block a user