As a user I want my information protected by having an administrator in charge of who gets to view my information.
Solution
Add this code to views.py:
    from rest_framework.permissions import BasePermission, SAFE_METHODS


    class IsStaffUser(BasePermission):
        """
        Custom permission to only allow staff users.
        """

        def has_permission(self, request, view):
            # Allow only authenticated users whose is_staff flag is True.
            # Do not print request.user here: it logs personal data (e-mail,
            # name) and raises AttributeError for anonymous users.
            user = request.user
            return bool(user and user.is_authenticated and user.is_staff)


    class IsStaffUserOrReadOnly(BasePermission):
        """
        Custom permission: read-only access for anyone, write access
        only for staff users.
        """

        def has_permission(self, request, view):
            # Safe methods (GET, HEAD, OPTIONS) pass for every caller,
            # including unauthenticated ones; other methods need is_staff.
            return bool(request.method in SAFE_METHODS or request.user.is_staff)
Then change permission_classes = [IsAuthenticated] to permission_classes = [IsStaffUser].
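An added example (not part of the original solution) that tabulates which callers each of the two permission checks lets through, so the choice between them can be verified against the user story. It assumes plain-Python stand-ins for the DRF request and user objects so it runs without Django; the class bodies mirror the checks above, and the names USERS, METHODS, access_matrix and non_staff_access are hypothetical.

```python
from types import SimpleNamespace

# Same values as rest_framework.permissions.SAFE_METHODS.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


class IsStaffUser:
    """Stand-in mirroring the staff-only check above (no DRF base class)."""

    def has_permission(self, request, view):
        user = request.user
        return bool(user and user.is_authenticated and user.is_staff)


class IsStaffUserOrReadOnly:
    """Stand-in mirroring the staff-or-read-only check above."""

    def has_permission(self, request, view):
        return bool(request.method in SAFE_METHODS or request.user.is_staff)


# Constructed sample callers: only the attributes the checks read.
USERS = {
    "anonymous": SimpleNamespace(is_authenticated=False, is_staff=False),
    "regular": SimpleNamespace(is_authenticated=True, is_staff=False),
    "staff": SimpleNamespace(is_authenticated=True, is_staff=True),
}
METHODS = ("GET", "HEAD", "OPTIONS", "POST", "PUT", "PATCH", "DELETE")


def access_matrix(permission):
    """Return {(caller_kind, method): allowed} for every combination."""
    return {
        (kind, method): permission.has_permission(
            SimpleNamespace(user=user, method=method), None
        )
        for kind, user in USERS.items()
        for method in METHODS
    }


def non_staff_access(permission):
    """List the combinations where a non-staff caller is allowed."""
    matrix = access_matrix(permission)
    return sorted(key for key, ok in matrix.items() if ok and key[0] != "staff")


if __name__ == "__main__":
    for perm in (IsStaffUser(), IsStaffUserOrReadOnly()):
        print(type(perm).__name__, non_staff_access(perm))
```

IsStaffUser yields an empty list, while IsStaffUserOrReadOnly lists GET, HEAD and OPTIONS for both anonymous and regular callers, so only IsStaffUser restricts who can view the data.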