From 09f3eedb235b476202cbd4e5a94b883898f3f661 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 3 Nov 2014 15:23:16 +0000 Subject: [PATCH] Add notes re view-level and instance-level permissions checks. Closes #1819. --- docs/api-guide/permissions.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index e867a4569..f3ae81717 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -183,11 +183,7 @@ If you need to test if a request is a read operation or a write operation, you s --- -**Note**: In versions 2.0 and 2.1, the signature for the permission checks always included an optional `obj` parameter, like so: `.has_permission(self, request, view, obj=None)`. The method would be called twice, first for the global permission checks, with no object supplied, and second for the object-level check when required. - -As of version 2.2 this signature has now been replaced with two separate method calls, which is more explicit and obvious. The old style signature continues to work, but its use will result in a `PendingDeprecationWarning`, which is silent by default. In 2.3 this will be escalated to a `DeprecationWarning`, and in 2.4 the old-style signature will be removed. - -For more details see the [2.2 release announcement][2.2-announcement]. +**Note**: The instance-level `has_object_permission` method will only be called if the view-level `has_permission` checks have already passed. Also note that in order for the instance-level checks to run, the view code should explicitly call `.check_object_permissions(request, obj)`. If you are using the generic views then this will be handled for you by default. ---