EdwardIII/api.py

## api.py
class UserSpecificResourcesAuthorization(Authorization):
    def read_list(self, object_list, bundle):
        # This assumes a ``QuerySet`` from ``ModelResource``.
        return object_list.filter(user=bundle.request.user)

    def read_detail(self, object_list, bundle):
        # Is the requested object owned by the user?
        return bundle.obj.user == bundle.request.user

    def create_list(self, object_list, bundle):
        # Assuming their auto-assigned to ``user``.
        return object_list

    def create_detail(self, object_list, bundle):
        print "DEEEEEEEEEEEEEEBUG"
        return bundle.obj.user == bundle.request.user

    def update_list(self, object_list, bundle):
        allowed = []

        # Since they may not all be saved, iterate over them.
        for obj in object_list:
            if obj.user == bundle.request.user:
                allowed.append(obj)

        return allowed

    def update_detail(self, object_list, bundle):
        return bundle.obj.user == bundle.request.user

    def delete_list(self, object_list, bundle):
        # Sorry user, no deletes for you!
        raise Unauthorized("Sorry, no deletes.")

    def delete_detail(self, object_list, bundle):
        raise Unauthorized("Sorry, no deletes.")


class ValueResource(ModelResource):
    Practices = fields.ToManyField('dashboard.api.PracticeResource', 'practice_set', full=True, null=True)
    class Meta:
        queryset = Value.objects.all()
        authorization = UserSpecificResourcesAuthorization()
	class UserSpecificResourcesAuthorization(Authorization):
	def read_list(self, object_list, bundle):
	# This assumes a ``QuerySet`` from ``ModelResource``.
	return object_list.filter(user=bundle.request.user)

	def read_detail(self, object_list, bundle):
	# Is the requested object owned by the user?
	return bundle.obj.user == bundle.request.user

	def create_list(self, object_list, bundle):
	# Assuming their auto-assigned to ``user``.
	return object_list

	def create_detail(self, object_list, bundle):
	print "DEEEEEEEEEEEEEEBUG"
	return bundle.obj.user == bundle.request.user

	def update_list(self, object_list, bundle):
	allowed = []

	# Since they may not all be saved, iterate over them.
	for obj in object_list:
	if obj.user == bundle.request.user:
	allowed.append(obj)

	return allowed

	def update_detail(self, object_list, bundle):
	return bundle.obj.user == bundle.request.user

	def delete_list(self, object_list, bundle):
	# Sorry user, no deletes for you!
	raise Unauthorized("Sorry, no deletes.")

	def delete_detail(self, object_list, bundle):
	raise Unauthorized("Sorry, no deletes.")


	class ValueResource(ModelResource):
	Practices = fields.ToManyField('dashboard.api.PracticeResource', 'practice_set', full=True, null=True)
	class Meta:
	queryset = Value.objects.all()
	authorization = UserSpecificResourcesAuthorization()