Tastypie – Verify permissions to create object on POST

1👍

Here is one of the options:

if request.user.groups.filter(id=self.document.editor_group.id).exists():
    # ... post the comment
    pass
else:
    # ... don't post the comment
    pass

1👍

If you need to check something on a Document object, then the solution below seems OK. You could use the build_related_resource method of the RelatedField class to get the resource from the URI and turn it into a valid Django object. However, if you need to check for groups, permissions and authorization in general, you had better have a look at Implementing Your Own Authentication/Authorization in the django-tastypie docs.

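import json

from tastypie import fields
from tastypie.resources import ModelResource


class CommentResource(ModelResource):
    # UserResource and DocumentResource are defined elsewhere in the project.
    user = fields.ForeignKey(UserResource, 'user')
    document = fields.ForeignKey(DocumentResource, 'document')

    def obj_create(self, bundle, request=None, **kwargs):
        # Parse the JSON body first, then read the document URI from the dict.
        document_uri = json.loads(request.POST.keys()[0])['document']
        # Declared fields are collected in self.fields by the resource metaclass.
        document = self.fields['document'].build_related_resource(document_uri).obj
        if request.user.has_permission_to(document) or request.user.is_editor:
            [...]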
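
The second answer points to Tastypie's custom authorization hook; the following is an added example, not code from either answer, that writes the first answer's editor-group check as a `create_detail` method. Plain-Python stand-ins replace Django and Tastypie so it runs offline; `in_group`, `may_create`, `group_ids`, `editor_group_id` and the sample users are assumptions.

```python
from types import SimpleNamespace as NS


class Unauthorized(Exception):
    """Stand-in for tastypie.exceptions.Unauthorized."""


def in_group(user, group_id):
    # Stand-in. With Django models: user.groups.filter(id=group_id).exists()
    return group_id in user.group_ids


class EditorGroupAuthorization:
    """Stand-in base; a real resource would subclass
    tastypie.authorization.Authorization and set it in Meta.authorization."""

    def create_detail(self, object_list, bundle):
        user = bundle.request.user
        comment = bundle.obj  # Comment built from the POST body
        if not user.is_authenticated:
            raise Unauthorized("authentication required")
        document = getattr(comment, "document", None)
        if document is None:
            raise Unauthorized("comment has no document")
        # The POST body also names the author; it must be the caller.
        if comment.user is not user:
            raise Unauthorized("cannot comment as another user")
        if not in_group(user, document.editor_group_id):
            raise Unauthorized("not in the document's editor group")
        return True


def may_create(user, author, document):
    """Run the check on a constructed bundle; True if the POST is allowed."""
    bundle = NS(request=NS(user=user), obj=NS(user=author, document=document))
    try:
        return EditorGroupAuthorization().create_detail([], bundle)
    except Unauthorized:
        return False


# Constructed sample data.
editor = NS(is_authenticated=True, group_ids={7})
reader = NS(is_authenticated=True, group_ids={3})
anonymous = NS(is_authenticated=False, group_ids=set())
doc = NS(editor_group_id=7)

if __name__ == "__main__":
    for name, u in [("editor", editor), ("reader", reader), ("anonymous", anonymous)]:
        print(name, may_create(u, u, doc))
```

Keeping the check in the authorization class means every create path through the resource is covered, rather than only the one `obj_create` override.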
