[Answer]-Can I disallow delete queries on all instances of a resource in tastypie?

1👍

You’ll have to implement your own authorization as described in the documentation:

class CustomAuthorization(Authorization):
    def delete_list(self, object_list, bundle):
        raise Unauthorized("You cannot delete multiple objects at once.")
        # or 
        return []

Raising an error will return a HTTP 401 status code, while returning an empty list will return a HTTP 200 status code. Both will not delete any items.

You can create a subclass of any of the default authorization classes to inherit their behaviour, or you can create your own class and implement all required methods.

EDIT: As you found out, the easiest way to do this is to specify the list_allowed_methods attribute in the resource’s Meta:

class MyResource(models.ModelResource):
    class Meta:
        list_allowed_methods = ['get', 'post', 'put', 'patch'] # no 'delete'

This will set the allowed methods for requests for multiple objects. It’s counterpart detail_allowed_methods will set the allowed methods for single object requests.

👤knbk

Leave a comment