Restrict object permissions to owners

This commit is contained in:
Tanner Collin 2021-04-15 01:35:23 +00:00
parent a913cce006
commit 5b4726bee8
2 changed files with 16 additions and 1 deletions

View File

@ -0,0 +1,3 @@
from rest_framework import permissions
# Add permissions here.

View File

@ -4,21 +4,33 @@ from rest_framework import permissions
from server.api import serializers, models
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all().order_by('-date_joined')
queryset = User.objects.all()
serializer_class = serializers.UserSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return [self.request.user]
class AccountViewSet(viewsets.ModelViewSet):
queryset = models.Account.objects.all()
serializer_class = serializers.AccountSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return self.queryset.filter(users=self.request.user)
class StackViewSet(viewsets.ModelViewSet):
queryset = models.Stack.objects.all()
serializer_class = serializers.StackSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return self.queryset.filter(account__users=self.request.user)
class TransactionViewSet(viewsets.ModelViewSet):
queryset = models.Transaction.objects.all()
serializer_class = serializers.TransactionSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return self.queryset.filter(stack__account__users=self.request.user)