Skip to content

Instantly share code, notes, and snippets.

@EdwardIII
Created June 5, 2013 10:13
Show Gist options
  • Save EdwardIII/5712914 to your computer and use it in GitHub Desktop.
Save EdwardIII/5712914 to your computer and use it in GitHub Desktop.
class UserSpecificResourcesAuthorization(Authorization):
def read_list(self, object_list, bundle):
# This assumes a ``QuerySet`` from ``ModelResource``.
return object_list.filter(user=bundle.request.user)
def read_detail(self, object_list, bundle):
# Is the requested object owned by the user?
return bundle.obj.user == bundle.request.user
def create_list(self, object_list, bundle):
# Assuming their auto-assigned to ``user``.
return object_list
def create_detail(self, object_list, bundle):
print "DEEEEEEEEEEEEEEBUG"
return bundle.obj.user == bundle.request.user
def update_list(self, object_list, bundle):
allowed = []
# Since they may not all be saved, iterate over them.
for obj in object_list:
if obj.user == bundle.request.user:
allowed.append(obj)
return allowed
def update_detail(self, object_list, bundle):
return bundle.obj.user == bundle.request.user
def delete_list(self, object_list, bundle):
# Sorry user, no deletes for you!
raise Unauthorized("Sorry, no deletes.")
def delete_detail(self, object_list, bundle):
raise Unauthorized("Sorry, no deletes.")
class ValueResource(ModelResource):
Practices = fields.ToManyField('dashboard.api.PracticeResource', 'practice_set', full=True, null=True)
class Meta:
queryset = Value.objects.all()
authorization = UserSpecificResourcesAuthorization()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment