From 41f7ab2ff5bf28b4a4aa22fcfbc9545c2dfb6ae4 Mon Sep 17 00:00:00 2001
From: Sander Roosendaal <roosendaalsander@gmail.com>
Date: Wed, 4 Jan 2017 12:51:14 +0100
Subject: [PATCH] Chart permissions

---
 rowers/urls.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/rowers/urls.py b/rowers/urls.py
index 94febda1..5d98324d 100644
--- a/rowers/urls.py
+++ b/rowers/urls.py
@@ -59,10 +59,23 @@ class RowerViewSet(viewsets.ModelViewSet):
         IsOwnerOrNot,
         )
 
+    http_method_names = ['get','patch']
+
+    
 class FavoriteChartViewSet(viewsets.ModelViewSet):
     model = FavoriteChart
     serializer_class = FavoriteChartSerializer
-    queryset = FavoriteChart.objects.all()
+    #queryset = FavoriteChart.objects.all()
+
+    def get_queryset(self):
+        r = Rower.objects.filter(user=self.request.user)
+        return FavoriteChart.objects.filter(user=r)
+
+    permission_classes = (
+        IsOwnerOrNot,
+        )
+
+    http_method_names = ['get','put','patch','delete']
     
 class StrokeDataViewSet(viewsets.ModelViewSet):
     serializer_class = StrokeDataSerializer