1👍
To ensure that a user can delete only a comment authored by him (by sending a DELETE
request), you need to implement your authorization class like below.
```python
from tastypie.authorization import Authorization
from tastypie.exceptions import Unauthorized


class MyAuthorization(Authorization):
    def delete_detail(self, object_list, bundle):
        """
        Returns True or False based on whether the request is authorized
        after applying your logic. You can even raise an exception if
        unauthorized.
        """
        # Replace with your own logic. This assumes the comment model
        # stores its author in a `user` field.
        authorized = bundle.obj.user == bundle.request.user
        if authorized:
            return True
        else:
            # raise Unauthorized("Sorry, can't delete other user's comments.")
            return False
```
Source:stackexchange.com
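The owner-only rule from the answer above, extended to list-level DELETE and to anonymous requesters, as an added example that is not part of the original answer or of Tastypie itself. The `user` field on the comment, the class name `OwnerOnlyDeleteAuthorization` and the helpers `is_owner` and `demo` are assumptions; the stand-in classes are used only when Tastypie cannot be imported, so the sample runs offline.

```python
from types import SimpleNamespace

try:
    from tastypie.authorization import Authorization
    from tastypie.exceptions import Unauthorized
except Exception:  # Tastypie missing or Django settings not configured
    class Authorization:            # minimal stand-in so the example runs offline
        pass
    class Unauthorized(Exception):  # stand-in for tastypie.exceptions.Unauthorized
        pass


def is_owner(comment, request):
    """True only for an authenticated requester who authored the comment."""
    user = getattr(request, "user", None)
    # Assumption: the comment model stores its author in a `user` field.
    return bool(user is not None and user.is_authenticated and comment.user == user)


class OwnerOnlyDeleteAuthorization(Authorization):
    def delete_detail(self, object_list, bundle):
        # Detail DELETE (one comment): refuse unless the requester is the author.
        if not is_owner(bundle.obj, bundle.request):
            raise Unauthorized("Sorry, can't delete other user's comments.")
        return True

    def delete_list(self, object_list, bundle):
        # List DELETE: narrow the set to the requester's own comments only.
        return [c for c in object_list if is_owner(c, bundle.request)]


def demo():
    # Constructed sample data standing in for Django users and comment rows.
    alice = SimpleNamespace(username="alice", is_authenticated=True)
    bob = SimpleNamespace(username="bob", is_authenticated=True)
    anon = SimpleNamespace(username="", is_authenticated=False)
    comments = [SimpleNamespace(pk=1, user=alice), SimpleNamespace(pk=2, user=bob)]
    auth = OwnerOnlyDeleteAuthorization()
    results = {}
    for who in (alice, bob, anon):
        bundle = SimpleNamespace(obj=comments[0], request=SimpleNamespace(user=who))
        try:
            detail = auth.delete_detail(comments, bundle)
        except Unauthorized:
            detail = False
        deletable = [c.pk for c in auth.delete_list(comments, bundle)]
        results[who.username or "anonymous"] = (detail, deletable)
    return results
```

With a real `ModelResource`, `object_list` is a `QuerySet`, so `delete_list` would normally filter in the database (for example `object_list.filter(user=bundle.request.user)`) instead of iterating in Python.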