tanner/cash-stacks
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Restrict object permissions to owners

Browse Source
This commit is contained in:
Tanner Collin
2021-04-15 01:35:23 +00:00
parent a913cce006
commit 5b4726bee8
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/server/api/permissions.py Normal file
View File

@@ -0,0 +1,3 @@
from rest_framework import permissions
# Add permissions here.

14
server/server/api/views.py
View File

@@ -4,21 +4,33 @@ from rest_framework import permissions
from server.api import serializers, models
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all().order_by('-date_joined')
queryset = User.objects.all()
serializer_class = serializers.UserSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return [self.request.user]
class AccountViewSet(viewsets.ModelViewSet):
queryset = models.Account.objects.all()
serializer_class = serializers.AccountSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return self.queryset.filter(users=self.request.user)
class StackViewSet(viewsets.ModelViewSet):
queryset = models.Stack.objects.all()
serializer_class = serializers.StackSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return self.queryset.filter(account__users=self.request.user)
class TransactionViewSet(viewsets.ModelViewSet):
queryset = models.Transaction.objects.all()
serializer_class = serializers.TransactionSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return self.queryset.filter(stack__account__users=self.request.user)