I am trying to write a custom IsOwner permission for a DRF function based view that has a parameter of user_id. The view is as follows:
@api_view(['GET'])
@permission_classes([permissions.IsAuthenticatedOrReadOnly])
def return_credibility(request, user_id):
credibility = utils.get_credibility(user_id)
return Response({'id': user_id, 'credibility': credibility})
Except I would want to replace permissions.IsAuthenticatedOrReadOnly with my custom IsOwner permission.
I tried writing something like this:
class IsOwner(permissions.BasePermission):
def has_permission(self, request, view):
return request.user.id == view.user_id
Except I am not sure how to access the user_id property from the view. Does anyone know how I can do this?
You can get user_id from view.kwargs.
class IsOwner(permissions.BasePermission):
def has_permission(self, request, view):
return request.user.id == view.kwargs['user_id']