Nicolas Bouliane

Tastypie: only allow a user to use its own resources Posted on

If you want to limit user access to the resources they own in Tastypie, define obj_create and apply_authorization_limits as such. This will automatically assign created items to the current user, and only return resources that belong to the current user.

from tastypie.resources import ModelResource
from notes.models import Note

class NoteResource(ModelResource):
    class Meta:
        queryset = Note.objects.all()
        resource_name = 'note'

    # ...

    def obj_create(self, bundle, **kwargs):
        Assign created notes to the current user
        return super(NoteResource, self).obj_create(bundle, user=bundle.request.user)

    def apply_authorization_limits(self, request, object_list):
        Return the user's notes
        return object_list.filter(user=request.user)

This example is taken straight from the official documentation