How to restrict update of a record to the record owner in Django REST?

Daniel Grace

Jul 4, 2015, 11:38:48 AM
to django...@googlegroups.com
I want to restrict update of a record to the record owner in an UpdateAPIView with Django REST, but I don't know how to code the method.

For example, something like this:

from rest_framework import generics
from testapp.models import UserProfile  # assumed location of the UserProfile model
from testapp.serializers import UserProfileSerializer
from rest_framework.renderers import JSONRenderer
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import permissions
from oauth2_provider.ext.rest_framework import TokenHasReadWriteScope

class UserProfileView(generics.UpdateAPIView):
    permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
    serializer_class = UserProfileSerializer
    queryset = UserProfile.objects.all()
    # patch method?
    # if UserProfile user != self.request.user:
    #     raise exceptions.PermissionDenied
    # else:
    #     continue as normal

Where "user" is a field on the UserProfile model.

Daniel Grace

Jul 4, 2015, 6:29:19 PM
to django...@googlegroups.com
I found a solution based on the example in the REST API guide: