user modification enabled

2021-02-01 13:32:34 +00:00
parent b8cd663fee
commit ee33b327fa
5 changed files with 45 additions and 8 deletions
--- a/back_latienda/permissions.py
+++ b/back_latienda/permissions.py
@@ -41,13 +41,24 @@ class CustomUserPermissions(permissions.BasePermission):
    """
    Custom permissions for managing custom user instances
    """
+
+    def has_object_permission(self, request, view, obj):
+        # check for object permissions
+        if obj.email == request.user.email:
+            return True
+        elif request.user.is_staff is True:
+            return True
+        else:
+            return False
+
    def has_permission(self, request, view):
        # allow anon users to create new CustomUser (inactive)
        if request.method == 'POST' and request.user.is_anonymous is True:
            return True
-
+        elif request.method == 'PUT' and request.user.is_authenticated is True:
+            return True
        # only admins can change or delete
-        if request.user.is_staff is True:
+        elif request.user.is_staff is True:
            return True

        # for everything else