Without this PR any user (including ones made through the google signin feature) can post, update, and delete any entries for most of our data. This adds a new permission where anyone can access the data but not post to it.
I also added tests to make sure that user data was only accessible to admins (IsAdminUser), which checks for if an 'is_staff' Boolean is true.
Without this PR any user (including ones made through the google signin feature) can post, update, and delete any entries for most of our data. This adds a new permission where anyone can access the data but not post to it.
I also added tests to make sure that user data was only accessible to admins (IsAdminUser), which checks for if an 'is_staff' Boolean is true.