commit abec39ccdec22ec42d0b89e3d0ca3cc7e7bba46a
author Scott Baker <smbaker@gmail.com> Fri Apr 08 12:42:38 2016 -0700
committer Scott Baker <smbaker@gmail.com> Fri Apr 08 12:42:38 2016 -0700
tree ed2ac4b6d5b12d9425ff6d1fafa11c38a38ba235
parent 78eb3061da14e8419f25d8adf9c4ec7137935bf6

permission check on create

xos/api/xosapi_helpers.py

diff --git a/xos/api/xosapi_helpers.py b/xos/api/xosapi_helpers.py
index 6b5e0e3..4dccb2a 100644
--- a/xos/api/xosapi_helpers.py
+++ b/xos/api/xosapi_helpers.py
@@ -44,12 +44,12 @@
                 create_fields[k] = validated_data[k]
         instance = self.Meta.model(**create_fields)
 
-#        if instance and hasattr(instance,"can_update") and self.context.get('request',None):
-#            user = self.context['request'].user
-#            if user.__class__.__name__=="AnonymousUser":
-#                raise XOSPermissionDenied()
-#            if not instance.can_update(user):
-#                raise XOSPermissionDenied()
+        if instance and hasattr(instance,"can_update") and self.context.get('request',None):
+            user = self.context['request'].user
+            if user.__class__.__name__=="AnonymousUser":
+                raise XOSPermissionDenied()
+            if not instance.can_update(user):
+                raise XOSPermissionDenied()
 
         for k in validated_data:
             if k in property_fields:
@@ -60,12 +60,6 @@
         return instance
 
     def update(self, instance, validated_data):
-#        if instance and hasattr(instance,"can_update") and self.context.get('request',None):
-#            user = self.context['request'].user
-#            if user.__class__.__name__=="AnonymousUser":
-#                raise XOSPermissionDenied()
-#            if not instance.can_update(user):
-#                raise XOSPermissionDenied()
         nested_fields = getattr(self, "nested_fields", [])
         for k in validated_data.keys():
             v = validated_data[k]