Arun
Reputation: 2003
Django: Prevent users from editing other accounts
I have created a simple API for editing user profile.
class EditProfile(generics.UpdateAPIView):
serializer_class = UserSerializer
queryset = get_user_model().objects.all()
permission_classes = (IsAuthenticated,)
How can I prevent the user from editing other user's profile?
Upvotes: 0
Views: 116
Answers (1)
Daniel Roseman
Reputation: 599778
You should simply define get_object so that it always returns the current user.
def get_object(self):
return self.request.user
Note there's now no need to specify a slug parameter in the URL.
Upvotes: 1
Related Questions
- Django restrict other users from editing posts
- Only allow a field to be edited and NOT written to in Django Rest Framework
- How can I make only superusers to edit model
- How to allow user to modify only his data in Django Rest Framework
- Prevent users from creating Django account with username on list
- Django Rest Framework how to forbid users to change their username?
- Django - How can I prevent access to other users' objects?
- Django REST framework: restricting user access for objects
- How to restrict User can only edit their profile in django?
- django - limit users to edit only their own information