IsAdminOrReadOnly permission added

backend/models/tools/__init__.py

@@ -4,3 +4,4 @@ from .validateWithRestFramework import validate_with_rest_framework  # noqa: F40
 from .noDeleteIfNotAdmin import NoDeleteIfNotAdmin  # noqa: F401
 from .isOwner import IsOwner  # noqa: F401
 from .noDelete import NoDelete  # noqa: F401
+from .isAdminOrReadOnly import IsAdminOrReadOnly  # noqa: F401

backend/models/tools/isAdminOrReadOnly.py

+from rest_framework import permissions
+
+
+class IsAdminOrReadOnly(permissions.BasePermission):
+
+    def has_permission(self, request, view):
+        if request.user.is_staff:
+            return True
+
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        else:
+            return False