def lookup_only_for_admins(request): user = getattr(request, 'user', None) if user is None or not user.is_authenticated(): return HttpResponse(status=401) # Unauthorized elif not is_admin(user): return HttpResponseForbidden() else: return None
def test_func(self): return is_admin(self.request.user)
def has_permission(self, request, view): return is_admin(request.user)