How I can delete a comment of post in django-rest?

Question

I'm a newbie to Django and Django-rest. I've written a blog app using django. I want to delete a comment by comment owner and post owner.thanks in advance this is my comment and post model:

class Post(models.Model):
    name = models.CharField(blank=True, max_length=60)
    caption = models.CharField(blank=True, max_length=280)
    status = models.CharField(blank=True, max_length=20)
    owner = models.ForeignKey(User, related_name='Post_owner', null=True, on_delete=models.CASCADE)
    created_at = models.TimeField(auto_now_add=True)
    multimedia = models.ManyToManyField(Media, related_name='Post', blank=True)

class Comment(models.Model):
    context = models.CharField(blank=True, max_length=280) 
    author = models.ForeignKey(User, related_name='comment_author', null=True, on_delete=models.CASCADE)
    created_at = models.TimeField(auto_now_add=True)
    post = models.ForeignKey(Post, related_name='comments', null=True, on_delete=models.CASCADE)

this is my serilaizers

class CommentSerializer(serializers.ModelSerializer):
    class Meta:
        model = models.Comment
        fields = ('id','context', 'author','created_at', 'post')

class PostSerializer(serializers.ModelSerializer):
    multimedia = PostMediaSerializer(many=True, read_only=True, required=False)
    comments = CommentSerializer(many=True, read_only=True)
    class Meta:
        model = models.Post
        fields = ('name', 'caption', 'status', 'owner', 'created_at', 'multimedia','comments')

and this is my view class to insert a comment:

class CreateCommentView(generics.RetrieveUpdateDestroyAPIView):

    queryset = Comment.objects.all()
    permission_classes = (IsAuthenticated,)
    serializer_class = post_serializer.CommentSerializer
    def put(self, request, pk=None):
        user = request.user
        data = request.data
        data['author'] = user.email
        data['post'] = pk
        serializer = self.get_serializer(data=data)
        if not serializer.is_valid(True):
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
        serializer.save()
        return Response("comment created!", status=status.HTTP_202_ACCEPTED)

Answer 1

You can simply create your own permission to achieve that.

Create a permissions.py file if you have not done it yet and add the following:

#permissions.py

from rest_framework import permissions

class IsPostOrCommentOwner(permissions.BasePermission):

    def has_object_permission(self, request, view, obj):
        if request.method == "DELETE": 
            # check here if the user is owner of the post or comment
            return obj.author == request.user or obj.post.owner == request.user

        # else always return True.
        return True

Then, you can just add the newly created permission to your view.

# views.py

from .permissions.py import IsPostOrCommentOwner

class CreateCommentView(generics.RetrieveUpdateDestroyAPIView):

    queryset = Comment.objects.all()
    permission_classes = (IsAuthenticated, IsPostOrCommentOwner,)
    # etc ...

After that, only the post owner or comment author will be able to delete the comment. You can find out more about DRF permissions system here .