diff --git a/snippets/permissions.py b/snippets/permissions.py index 060c410d..ba9ea092 100644 --- a/snippets/permissions.py +++ b/snippets/permissions.py @@ -11,7 +11,6 @@ def has_object_permission(self, request, view, obj): if request.method in permissions.SAFE_METHODS: return True - method = request.method - # Write permissions are only allowed to the owner of the snippet return obj.owner == request.user + \ No newline at end of file diff --git a/snippets/views.py b/snippets/views.py index 10dfbe4d..9db142af 100644 --- a/snippets/views.py +++ b/snippets/views.py @@ -24,8 +24,8 @@ class SnippetViewSet(viewsets.ModelViewSet): """ queryset = Snippet.objects.all() serializer_class = SnippetSerializer - permission_classes = (permissions.IsAuthenticatedOrReadOnly,) -# IsOwnerOrReadOnly,) + permission_classes = (permissions.IsAuthenticatedOrReadOnly, + IsOwnerOrReadOnly,) @detail_route(renderer_classes=(renderers.StaticHTMLRenderer,)) def highlight(self, request, *args, **kwargs):