changes to views permissions

back_latienda/permissions.py

@@ -3,12 +3,12 @@ from rest_framework import permissions
 
 class IsCreator(permissions.BasePermission):
     """
-    Grant permission is request.user same as obj.creator
+    Grant permission if request.user same as obj.creator
     """
 
     def has_object_permission(self, request, view, obj):
         if obj is not None:
-            # allow is authenticated and method is safe
+            # allow if authenticated and method is safe
             if request.method in permissions.SAFE_METHODS:
                 return True
 
@@ -20,6 +20,17 @@ class IsCreator(permissions.BasePermission):
         return False
 
 
+class IsStaff(permissions.BasePermission):
+    """
+    Grant permission if request.user.is_staff is True
+    """
+
+    def has_object_permission(self, request, view, obj):
+        if obj is not None:
+            if request.user.is_staff is True:
+                return True
+        return False
+
 class ReadOnly(permissions.BasePermission):
     def has_permission(self, request, view):
         return request.method in permissions.SAFE_METHODS