(self)
| 209 | lookup_field = "uuid" |
| 210 | |
| 211 | def get_object(self) -> User: |
| 212 | lookup_value = self.kwargs[self.lookup_field] |
| 213 | request_user = cast(User, self.request.user) # Must be authenticated to access this endpoint |
| 214 | if lookup_value == "@me": |
| 215 | return request_user |
| 216 | |
| 217 | if not request_user.is_staff: |
| 218 | raise exceptions.PermissionDenied( |
| 219 | "As a non-staff user you're only allowed to access the `@me` user instance." |
| 220 | ) |
| 221 | |
| 222 | return super().get_object() |
| 223 | |
| 224 | def get_queryset(self): |
| 225 | queryset = super().get_queryset() |
no outgoing calls
no test coverage detected