[Answer]-Deleting a resource only if the DELETE request is by the resource's owner in django-tastypie

1👍

1. delete_detail(self, request, **kwargs)

Resource.delete_detail(self, request, **kwargs)

This method destroys a single resource/object.

It calls obj_delete. If the resource is deleted, it returns HttpNoContent (204 No Content). If the resource did not exist, return HttpNotFound (404 Not Found).

It has request as an argument and also a kwargs dictionary.

2. delete_detail(self, object_list, bundle):

This is used when implementing your own authorization class.

This method takes two parameters, object_list & bundle.

object_list is the collection of objects being processed as part of the request. FILTERING & other restrictions to the set will have already been applied prior to this call.

bundle is the populated Bundle object for the request.

As per the docs,

In the case of the *_detail methods, you’ll have access to the
object_list (so you know if a given object fits within the overall
set), BUT you’ll want to be inspecting bundle.obj & either returning
True if they should be allowed to continue or raising the Unauthorized
exception if not.

Raising Unauthorized will cause a HTTP 401 error status code in the
response.

This method is used for authorization. Here, you will return True if it is authorized to continue, or else raise an exception.

This is different from the former as there you are deleting an object/instance but here you are authorizing and verifying what someone can do with the resources in your API.

Since in your own case the comment gets deleted only if the DELETE request is sent by the user who wrote this comment, you need to use the 2nd method. Users are authorized to delete only their own comments and not those of others. object_list here will be the comments of that user after filtering from all the comment objects.
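An added example (not part of the original answer, and not tastypie's own code) of the second method: an authorization class whose delete_detail inspects bundle.obj and raises Unauthorized unless the requester wrote the comment. The `user` field on the comment, the class name and the sample objects are assumptions; stand-in base classes are used when tastypie is not installed.

```python
from types import SimpleNamespace

try:  # real django-tastypie classes when the package is installed
    from tastypie.authorization import Authorization
    from tastypie.exceptions import Unauthorized
except ImportError:  # stand-ins so the example runs without tastypie
    class Authorization(object):
        pass

    class Unauthorized(Exception):
        pass


class CommentOwnerAuthorization(Authorization):
    """Only the author of a comment may delete it (hypothetical class name)."""

    def _is_owner(self, bundle):
        user = getattr(bundle.request, "user", None)
        # Requests with no authenticated user own nothing.
        if user is None or not getattr(user, "is_authenticated", False):
            return False
        return bundle.obj.user == user  # assumes the model has a 'user' field

    def delete_detail(self, object_list, bundle):
        # DELETE on a single comment: allow or raise, as the docs describe.
        if not self._is_owner(bundle):
            raise Unauthorized("You can only delete your own comments.")
        return True

    def delete_list(self, object_list, bundle):
        # DELETE on the list endpoint: keep only the requester's comments.
        return [obj for obj in object_list if obj.user == bundle.request.user]


def demo():
    # Constructed sample objects standing in for Django users and a comment.
    alice = SimpleNamespace(username="alice", is_authenticated=True)
    bob = SimpleNamespace(username="bob", is_authenticated=True)
    comment = SimpleNamespace(id=1, user=alice)
    auth = CommentOwnerAuthorization()
    results = {}
    for requester in (alice, bob):
        bundle = SimpleNamespace(obj=comment,
                                 request=SimpleNamespace(user=requester))
        try:
            results[requester.username] = auth.delete_detail([comment], bundle)
        except Unauthorized:
            results[requester.username] = False
    return results
```

In a real project the class is attached to the resource with `authorization = CommentOwnerAuthorization()` in its Meta, alongside an authentication class so that request.user is populated.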
