Add authorization policy

Author: WasinTh

account/views.py

@@ -4,6 +4,7 @@
 from rest_framework.decorators import api_view
 from rest_framework import viewsets
 from rest_framework import generics
+from rest_framework import permissions
 from account.models import Transaction, Customer
 from account.serializers import TransactionSerializer, CustomerSerializer
 
@@ -28,6 +29,7 @@ def transaction_list_view(request):
 class TransactionView(generics.ListCreateAPIView):
     queryset = Transaction.objects.all()
     serializer_class = TransactionSerializer
+    permission_classes = [permissions.IsAuthenticatedOrReadOnly]
 
 
 class CustomerView(generics.ListCreateAPIView):

personal_finance/settings.py

@@ -120,3 +120,9 @@
 # https://docs.djangoproject.com/en/3.1/howto/static-files/
 
 STATIC_URL = '/static/'
+
+REST_FRAMEWORK = {
+    'DEFAULT_PERMISSION_CLASSES': (
+        'rest_framework.permissions.IsAuthenticated',
+    ),
+}