Adding required permissions to views

Now that code snippets are associated with users, we want to make sure that only authenticated users are able to create, update and delete code snippets.

REST framework includes a number of permission classes that we can use to restrict who can access a given view. In this case the one we're looking for is IsAuthenticatedOrReadOnly, which will ensure that authenticated requests get read-write access, and unauthenticated requests get read-only access.

First add the following import in the views module

  1. from rest_framework import permissions

Then, add the following property to both the SnippetList and SnippetDetail view classes.

  1. permission_classes = [permissions.IsAuthenticatedOrReadOnly]