def has_object_permission(self, request, view, obj):
if request.user.username in \
Quest.get_moderators(owner_username=obj) or \
request.user.username == obj or request.user.username in \
Mission.get_moderators(owner_username=obj):
return True
else:
return False
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
if request.user.username in \
Quest.get_moderators(obj.owner_username) or \
request.user.username == obj.owner_username:
# Only allow the owner of the quest delete it
if request.method == 'DELETE' and \
request.user.username != obj.owner_username:
return False
return True
else:
return False
def test_get_moderators(self):
self.quest.moderators.connect(self.owner)
res = Quest.get_moderators(self.owner.username)
self.assertIn(self.owner.username, res)
