django - Rejecting some POSTs for some users
This should be a simple question, yet I keep drawing blanks in the DRF documentation.
models.py:

    from django.db import models

    class DataPoint(models.Model):
        value = models.IntegerField()
        ...

serializers.py:

    from rest_framework import serializers
    from .models import DataPoint

    class DataPointSerializer(serializers.ModelSerializer):
        class Meta:
            model = DataPoint
            fields = ('value', ...)

views.py:

    from rest_framework import permissions, viewsets
    from .models import DataPoint
    from .serializers import DataPointSerializer

    class DataPointViewSet(viewsets.ModelViewSet):
        queryset = DataPoint.objects.all()
        serializer_class = DataPointSerializer
        permission_classes = [permissions.IsAuthenticated, ]
        ...

I want every logged-in user to be able to POST to this viewset. The restriction is that non-staff users need to keep value below 100, like this:

    if request.data['value'] > 100 and not request.user.is_staff:
        raise PermissionDeniedValidationErrorWhatAreYouDoing("santaz gonna know")

My question boils down to:
Is this a job for a custom validator or a permission?

The problem with a permission is that DRF (specifically mixins.CreateModelMixin) will happily save the POSTed data without checking permissions. Permissions are consulted later (when get_object() is called, AFAICS).

The problem with validators is that they don't have access to the request, and it seems overkill to try to inject the request there.

What am I missing?

P.S. The same restriction should be applied to PUT and PATCH also.
"Is this a job for a custom validator or a permission?"

This is a validation job.

Validators have access to the general context through the set_context method. See using set_context.