Creation, Deletion and Update of Application implemented, it only wor…

…ks on own application

src/customPermissions.py → src/involvement/customPermissions.py

@@ -14,3 +14,9 @@ class ReadCreateUpdate(BasePermission):
     def has_permission(self, request, view):
         return True if request.method not in ["DELETE"] else False
 
+class OwnApplicationPermission(BasePermission):
+    """
+    Object-level permission to only allow updating his own profile
+    """
+    def has_object_permission(self, request, view, obj):
+        return obj.applicant == request.user

src/involvement/views/application_api.py

@@ -1,14 +1,17 @@
-from rest_framework import viewsets
+from rest_framework import viewsets, mixins
 from involvement.serializers.application_serializer import ApplicationSerializer
 from rest_framework.permissions import IsAuthenticated
 from involvement.models.application import Application
+from involvement.customPermissions import OwnApplicationPermission
 
 #Role view
-class ApplicationViewSet(viewsets.ReadOnlyModelViewSet):
+class ApplicationViewSet(viewsets.ModelViewSet):
     serializer_class = ApplicationSerializer
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated, OwnApplicationPermission]
 
     def get_queryset(self):
         user = self.request.user
         queryset = Application.objects.filter(applicant=user)
         return queryset
+
+