Adds permission for editing clubs

2 years ago · a6f72155da
parent 3c500643b1
commit a6f72155da
2 changed files with 13 additions and 1 deletions
--- a/tournaments/permissions.py
+++ b/tournaments/permissions.py
@ -0,0 +1,11 @@
+from rest_framework import permissions
+
+class IsClubOwner(permissions.BasePermission):
+
+    def has_object_permission(self, request, view, club):
+        # Check if the request user is the owner of the club
+
+        print(club.creator.id)
+        print(request.user.id)
+
+        return club.creator == request.user
--- a/tournaments/views.py
+++ b/tournaments/views.py
@ -23,6 +23,7 @@ from rest_framework import status
 from rest_framework.generics import UpdateAPIView
 from rest_framework.exceptions import MethodNotAllowed
 from rest_framework.permissions import IsAuthenticated
+from .permissions import IsClubOwner
 from django.template import loader
 from datetime import date
 from django.http import JsonResponse
@ -230,7 +231,7 @@ class UserViewSet(viewsets.ModelViewSet):
 class ClubViewSet(viewsets.ModelViewSet):
    queryset = Club.objects.all()
    serializer_class = ClubSerializer
-    permission_classes = [] # Clubs are public whereas the other requests are only for logged users
+    permission_classes = [IsClubOwner] # Clubs are public whereas the other requests are only for logged users

 class TournamentViewSet(viewsets.ModelViewSet):
    queryset = Tournament.objects.all()