I created permission for my view, and its work but I dont know how I can test if patch request will work with user without permission.
permission.py
class IsObjectCreator(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return request.user == obj.user
views.py
class TaskDetailAPIView(APIView):
permission_classes = [IsObjectCreator]
def get_object(self, id):
try:
return Task.objects.get(id=id)
except Task.DoesNotExist:
raise Http404
def get(self, request, id):
task = self.get_object(id)
serializer = TaskSerializer(task)
return Response(serializer.data)
def patch(self, request, id):
task = self.get_object(id)
serializer = StatusSerializer(task, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
In normal Django view I can check if response contain form, but I dont know how in API I can test if response contain patch method.
Aucun commentaire:
Enregistrer un commentaire