def has_object_permission(self, request, view, obj): if request.user.username in \ Quest.get_moderators(owner_username=obj) or \ request.user.username == obj or request.user.username in \ Mission.get_moderators(owner_username=obj): return True else: return False
def has_object_permission(self, request, view, obj): if request.method in permissions.SAFE_METHODS: return True if request.user.username in \ Quest.get_moderators(obj.owner_username) or \ request.user.username == obj.owner_username: # Only allow the owner of the quest delete it if request.method == 'DELETE' and \ request.user.username != obj.owner_username: return False return True else: return False
def test_get_moderators(self): self.quest.moderators.connect(self.owner) res = Quest.get_moderators(self.owner.username) self.assertIn(self.owner.username, res)