Updated Edit Post Permission/Authentication Settings

[arjunrawal07]

• Related Issue (include '#'):

  556

• Description of changes made: Added filtering settings to PostDetail View to ensure only the user who is the author of a Post object can edit that Post.

• Is the feature complete/bug resolved/etc..: Yes. I tested in Postman. After making a dummy account, I could only update the Post I had created, and was unable to edit Posts others had created (from the seed data).

• Any known bugs/strange behavior: Not yet.

• Is there specific feedback you would like on these changes: I initially tried making a separate Permissions file with a "IsOwnerOrReadOnly" permission class, then importing that into the PostDetail View. I haven't figured out why, but this approach did not work. I was still able to update posts I did not create/author.

• Screenshot(s):

[mrrogercampbell]

Hey @arjunrawal07, could you please provide me the Postman Request you used to test this? I would like to use them on this end to verify everything is working.

[arjunrawal07]

@rc1336 Of course. Please see below for a post I created through a dummy I account I made.

Before submitting the PUT request, you have to login, and store the token given to you after logging in as an Authorization Header in Postman.

Request Method: PUT Endpoint(insert primary key, or id, of Post at end of url): http://localhost:8000/posts/16 Body: { "id": 16, "post_type": "Post", "title": "TESTING12345678!!!", "time": "2020-05-14T19:01:59.021103Z", "body": "TESTING123", "likes": 0, "author": 7, "parent": [ 6 ] }

[clarknoah]

@arjunrawal07 hey you've got a conflict in your pipfile.lock, fix that so I can work on merging this baby!

[arjunrawal07]

@clarknoah I believe I've resolved the conflict.

[mrrogercampbell]

@arjunrawal07 Testing this now.