from tastypie.authorization import Authorization


class LoginRequiredAuthorization(Authorization):
    """
    Equivalent to Django's login_required decorator
    Be careful with this; it will allow DELETE and everything else.

    """
    def is_authorized(self, request, object=None):
        # GET is always allowed
        if request.method == 'GET':
            return True
        return request.user.is_authenticated()


# Use like this in a ModelResource
class MyResource(ModelResource):
    class Meta:
        authorization = LoginRequiredAuthorization()
        allowed_methods = ['get', 'post', ...]  # pay attention to what you allow