I want only staff_user can add product and can add maximum up to 10 products.
I'm probably new to django. I have tried something like below, but i have no idea about how to validate to the staff_user that he can add up to 10 products maximum.
It would be great if anybody could help me what i'm trying to solve is. thank you so much in advance.
models.py
class Cuboid(models.Model):
created_by = models.ForeignKey(User, on_delete=models.CASCADE)
title = models.CharField(max_length=80)
length = models.ForeignKey('FilterLength', on_delete=models.CASCADE)
created_on= models.DateTimeField(default=datetime.now())
serializers.py
class CuboidCreateSerializers(serializers.ModelSerializer):
class Meta:
model = Cuboid
fields = "__all__"
views.py
class CuboidCreateAPIView(generics.CreateAPIView):
model = Cuboid
queryset = Cuboid.objects.all()
serializer_class = CuboidCreateSerializers
permission_classes = [IsStaff]
Use field-level validation of DRF
class CuboidCreateSerializers(serializers.ModelSerializer):
class Meta:
model = Cuboid
fields = "__all__"
There is a section in the documentation that outlines this: https://www.django-rest-framework.org/api-guide/permissions/
IsAdminUser The IsAdminUser permission class will deny permission to any user, unless user.is_staff is True in which case permission will be allowed.
Based on this, I believe you have to check for two things, isAuthenticated and user.is_staff both have to be true. It may be that is_staff already accounts for isAuthenticated.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.