Skip to content

Instantly share code, notes, and snippets.

@thisboyiscrazy

thisboyiscrazy/owner_authorization.py

Last active December 15, 2015 18:39
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save thisboyiscrazy/5305607 to your computer and use it in GitHub Desktop.
Save thisboyiscrazy/5305607 to your computer and use it in GitHub Desktop.
Download ZIP
Small Authorization class for tasypie. Allow Create, Read, Update, and Delete of users items.
Raw
owner_authorization.py
class Authorization(object):
def auth_item(self,object_list,bundle):
return bundle.obj.user_id = request.user.id
def create_detail(self,object_list,bundle): return self.auth_item(object_list,bundle)
def read_detail(self,object_list,bundle): return self.auth_item(object_list,bundle)
def update_detail(self,object_list,bundle): return self.auth_item(object_list,bundle)
def delete_detail(self,object_list,bundle): return self.auth_item(object_list,bundle)
def auth_list(self,object_list,bundle):
allowed = []
# Since they may not all be saved, iterate over them.
for obj in object_list:
if obj.user_id == bundle.request.user.id:
allowed.append(obj)
return allowed
def create_list(self,object_list,bundle): return self.auth_list(object_list,bundle)
def update_list(self,object_list,bundle): return self.auth_list(object_list,bundle)
def delete_list(self,object_list,bundle): return self.auth_list(object_list,bundle)
def read_list(self,object_list,bundle): return self.auth_list(object_list,bundle)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment