noPostIfNotStaff.py 347 Bytes
Newer Older
1
2
3
4
5
from rest_framework import permissions


class NoPostIfNotStaff(permissions.BasePermission):
    """
Florent Chehab's avatar
Florent Chehab committed
6
    Permission to allow POST request to a viewset only if the user is a member of the staff.
7
8
9
    """

    def has_permission(self, request, view):
10
        if request.method == "POST":
11
12
13
            return request.user.is_staff

        return True