
শুধু মাত্র owner এডিট delete করতে পারবে

permissions.py নামে একটি ফাইল বানাই (নিচের ভিউগুলো `.permissions` থেকে ইমপোর্ট করে, তাই ফাইলের নাম এটিই হতে হবে)

এই পারমিশনের মাধ্যমে অন্যরা শুধু দেখতে পারবে, অর্থাৎ GET রিকোয়েস্ট দিতে পারবে, কিন্তু PUT বা DELETE করতে পারবে না।

from rest_framework import permissions

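class IsOwnerOrAdmin(permissions.BasePermission):
    """Object-level permission: anyone may read; only the owner or staff may write.

    DRF calls ``has_object_permission`` only from
    ``APIView.check_object_permissions()``. Generic views trigger that inside
    ``get_object()``; a view that fetches the object itself has to run the
    check explicitly, otherwise this class is never consulted for the object.
    Object permissions also do not filter list querysets.
    """

    def has_object_permission(self, request, view, obj):
        """Return True when ``request`` is allowed to act on ``obj``.

        Args:
            request: The incoming DRF request; ``request.method`` and
                ``request.user`` are read.
            view: The view handling the request (unused here).
            obj: The object being accessed; it must expose an ``owner``
                attribute.

        Returns:
            True for read-only methods, for staff users, and for the owner of
            ``obj``; False otherwise.
        """
        # Read-only methods (GET, HEAD, OPTIONS) do not modify the object, so
        # every caller may use them; only writes are restricted below.
        if request.method in permissions.SAFE_METHODS:
            return True
        # Staff users may edit or delete any object.
        if request.user and request.user.is_staff:
            return True
        # Everyone else must be the owner of the object.
        # NOTE(review): assumes obj.owner is a user instance, so an
        # unauthenticated request does not compare equal; confirm on the model.
        return obj.owner == request.user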

class based view

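RetrieveUpdateDestroyAPIView দ্বারা বলে দিলাম এটা Retrieve, এডিট ও ডিলিটের ভিউ। এই জেনেরিক ভিউ get_object()-এর ভেতরে check_object_permissions() কল করে, তাই has_object_permission আলাদা করে কল করতে হয় না।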

from rest_framework import generics
from .models import YourModel
from .serializers import YourModelSerializer
from .permissions import IsOwnerOrAdmin

class YourModelDetail(generics.RetrieveUpdateDestroyAPIView):
    """Retrieve, update or delete a single ``YourModel`` instance.

    The generic view looks the instance up through ``get_object()``, which
    runs the object-level checks of every class in ``permission_classes``
    before the handler touches the instance.
    """

    # Custom permission that decides, per object, who may act on it.
    permission_classes = [IsOwnerOrAdmin]

    # Serializer used for both the response body and incoming update data.
    serializer_class = YourModelSerializer

    # Base queryset the pk lookup is performed against.
    queryset = YourModel.objects.all()

function based view

from rest_framework import status
from rest_framework.decorators import api_view, permission_classes
from rest_framework.response import Response

from .models import YourModel
from .permissions import IsOwnerOrAdmin
from .serializers import YourModelSerializer

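# @api_view must be the outermost (top) decorator: it reads the
# permission_classes attribute from the function it wraps, so a
# @permission_classes placed above it is silently ignored and the project's
# default permissions apply instead.
@api_view(['GET', 'PUT', 'DELETE'])
@permission_classes([IsOwnerOrAdmin])  # Apply the custom permission
def your_model_detail(request, pk):
    """Retrieve, update or delete the ``YourModel`` row with primary key ``pk``.

    Args:
        request: The DRF request; ``request.method``, ``request.user`` and
            ``request.data`` are read.
        pk: Primary key of the object to operate on.

    Returns:
        A ``Response``: the serialized object for GET and a valid PUT, 400
        with the serializer errors for an invalid PUT, 204 after DELETE,
        403 when the caller may not modify the object, 404 when no object
        has this ``pk``.
    """
    try:
        obj = YourModel.objects.get(pk=pk)
    except YourModel.DoesNotExist:
        return Response(status=status.HTTP_404_NOT_FOUND)

    if request.method == 'GET':
        # Reads are open to every caller that passed the view-level checks.
        serializer = YourModelSerializer(obj)
        return Response(serializer.data)

    # A function-based view fetches the object itself, so DRF never runs
    # has_object_permission for it. Evaluate the permission class directly,
    # once, before any write: this keeps the rule in one place and gives
    # staff the same access the class grants them (a bare
    # `obj.owner == request.user` test would lock admins out).
    # The permission class does not use its `view` argument, hence None.
    if not IsOwnerOrAdmin().has_object_permission(request, None, obj):
        return Response(status=status.HTTP_403_FORBIDDEN)

    if request.method == 'PUT':
        serializer = YourModelSerializer(obj, data=request.data)
        if serializer.is_valid():
            serializer.save()
            return Response(serializer.data)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    if request.method == 'DELETE':
        obj.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

    # Fail closed: @api_view should never dispatch any other method here.
    return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)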
