richard
/
doccano
mirror of https://github.com/doccano/doccano.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

restrict project creation to staff users

pull/1453/head
youichiro 3 years ago
parent
832035da5b
commit
6c70092362
1 changed files with 5 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      backend/api/views/project.py

6
backend/api/views/project.py
View File

@ -3,6 +3,7 @@ from rest_framework import generics, status
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from ..exceptions import ProjectCreationPermissionDenied
from ..models import Project
from ..permissions import IsInProjectReadOnlyOrAdmin
from ..serializers import ProjectPolymorphicSerializer, ProjectSerializer
@ -17,7 +18,10 @@ class ProjectList(generics.ListCreateAPIView):
return self.request.user.projects
def perform_create(self, serializer):
serializer.save(users=[self.request.user])
if self.request.user.is_staff:
serializer.save(users=[self.request.user])
else:
raise ProjectCreationPermissionDenied()
def delete(self, request, *args, **kwargs):
delete_ids = request.data['ids']

Write Preview
Loading…
Cancel
Save