def get_permissions(self):
    """Choose the permission instances for the current request's HTTP method.

    POST is open to any caller. Every other method, the read-only ones in
    ``permissions.SAFE_METHODS`` included, needs an authenticated request
    that also passes ``IsAccountOwner``.

    Returns:
        A tuple of permission instances.
    """
    method = self.request.method
    # POST is the only method served without authentication
    # (presumably account registration; confirm against the view's handlers).
    if method not in permissions.SAFE_METHODS and method == 'POST':
        return (permissions.AllowAny(),)
    # Reads and writes alike are limited to the signed-in owner.
    return (permissions.IsAuthenticated(), IsAccountOwner())
def get_permissions(self):
    """Choose the permission instances for the current request's HTTP method.

    GET requires an authenticated request that passes ``IsAccountOwner``.
    The remaining safe methods and POST require authentication only.
    Anything else requires authentication plus ``IsAccountOwner``.

    Returns:
        A tuple of permission instances.
    """
    method = self.request.method
    if method == 'GET':
        # Users can't fetch arbitrary users, only search by email.
        return (permissions.IsAuthenticated(), IsAccountOwner())
    # NOTE(review): the other safe methods (HEAD, OPTIONS) land here and are
    # not subject to IsAccountOwner, unlike GET. If this view answers HEAD
    # through its GET handler, as Django views do by default, the owner check
    # is skipped for that path. Confirm this is intended.
    if method in permissions.SAFE_METHODS or method == 'POST':
        return (permissions.IsAuthenticated(),)
    return (permissions.IsAuthenticated(), IsAccountOwner())
def get_permissions(self):
    """Choose the permission instances for the current request's HTTP method.

    Safe methods and POST are open to any caller. The remaining methods
    (update, delete) may only be called by the authenticated account owner.

    Returns:
        A tuple of permission instances.
    """
    method = self.request.method
    # NOTE(review): reads are served to anonymous clients, so whatever the
    # serializer exposes is effectively public. Confirm it omits sensitive
    # fields.
    if method in permissions.SAFE_METHODS or method == 'POST':
        return (permissions.AllowAny(),)
    # Dangerous methods: authenticated owner only.
    return (permissions.IsAuthenticated(), IsAccountOwner())
def get_permissions(self):
    """Choose the permission instances for the current request's HTTP method.

    Safe methods such as GET are allowed for anyone, and so is POST, which is
    explicitly left open so that any caller can create an account. Everything
    else is restricted to the authenticated account owner.

    Returns:
        A tuple of permission instances.
    """
    method = self.request.method
    # Unauthenticated access covers read-only requests and account creation.
    # NOTE(review): anonymous reads make the serialized account fields
    # public. Confirm nothing sensitive is included.
    open_to_all = method in permissions.SAFE_METHODS or method == 'POST'
    return (
        (permissions.AllowAny(),)
        if open_to_all
        else (permissions.IsAuthenticated(), IsAccountOwner())
    )
def get_permissions(self):
    """Choose the permission instances for the current request's HTTP method.

    Requests whose method is in ``permissions.SAFE_METHODS`` are allowed for
    anyone. POST is handled by its own branch and is also allowed for anyone,
    so that anyone can create an account. All other methods require an
    authenticated request that passes ``IsAccountOwner``.

    Returns:
        A tuple of permission instances.
    """
    method = self.request.method
    if method in permissions.SAFE_METHODS:
        # Read-only request: no authentication required.
        # NOTE(review): this makes serialized account data readable
        # anonymously. Confirm the serializer exposes nothing sensitive.
        chosen = (permissions.AllowAny(),)
    elif method == 'POST':
        # We want to allow anyone to create an account.
        chosen = (permissions.AllowAny(),)
    else:
        chosen = (permissions.IsAuthenticated(), IsAccountOwner())
    return chosen
def get_permissions(self):
    """Choose the permission instances for the current request's HTTP method.

    Only requests that are neither a safe method nor POST are restricted:
    they need a logged-in user who passes ``IsAccountOwner``. Safe methods
    and POST (account creation) are allowed for anyone.

    Returns:
        A tuple of permission instances.
    """
    requested = self.request.method
    # Neither a safe method nor POST: the caller must be logged in and
    # acting on their own account.
    if requested not in permissions.SAFE_METHODS and requested != 'POST':
        return (permissions.IsAuthenticated(), IsAccountOwner())
    # Read-only requests and account creation are open to anyone.
    # NOTE(review): anonymous reads expose whatever the serializer returns.
    # Confirm it leaves out sensitive fields.
    return (permissions.AllowAny(),)
def get_permissions(self):
    """Choose the permission instances for the current request's HTTP method.

    Anyone may issue requests in SAFE_METHODS (GET, HEAD, OPTIONS), and
    anyone may POST to create a new user. Every other method requires an
    authenticated request from the owner of the Account.

    TODO: we might want only authenticated users to be able to view Account
    info for other users.

    Returns:
        A tuple of permission instances.
    """
    method = self.request.method
    # Until the TODO above is resolved, account reads are served to
    # anonymous clients as well.
    unrestricted = (*permissions.SAFE_METHODS, 'POST')
    if method in unrestricted:
        return (permissions.AllowAny(),)
    return (permissions.IsAuthenticated(), IsAccountOwner())
def get_permissions(self):
    """Choose the permission instances for the current request's HTTP method.

    Safe methods and POST are allowed for any caller. Every other method
    requires an authenticated request that also passes ``IsAccountOwner``.

    Returns:
        A tuple of permission instances.
    """
    method = self.request.method
    if method in permissions.SAFE_METHODS:
        # NOTE(review): reads need no authentication here. Confirm the
        # serialized fields are safe to expose publicly.
        return (permissions.AllowAny(),)
    if method == "POST":
        # presumably account creation; verify against the view's handlers
        return (permissions.AllowAny(),)
    return (permissions.IsAuthenticated(), IsAccountOwner())
def get_permissions(self):
    """Return the permission instances applied to every request on this view.

    The same single check, ``IsAccountOwner``, is used regardless of HTTP
    method.

    Returns:
        A one-element tuple holding an ``IsAccountOwner`` instance.
    """
    # NOTE(review): IsAuthenticated is not part of this set, so anonymous
    # requests reach IsAccountOwner directly. Confirm that it rejects them.
    owner_check = IsAccountOwner()
    return (owner_check,)