From 1bf712341508b5d9aa07fb62f55b7e495278fabf Mon Sep 17 00:00:00 2001
From: Filipe Ximenes
Date: Tue, 20 Aug 2013 16:24:13 -0300
Subject: [PATCH] improving documentation about object level permissions #1049
---
 docs/api-guide/generic-views.md | 5 ++++-
 docs/api-guide/permissions.md | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/docs/api-guide/generic-views.md b/docs/api-guide/generic-views.md
index 32a4feef4..2a585f9c2 100755
--- a/docs/api-guide/generic-views.md
+++ b/docs/api-guide/generic-views.md
@@ -108,7 +108,10 @@ For example:
 filter = {}
 for field in self.multiple_lookup_fields:
 filter[field] = self.kwargs[field]
- return get_object_or_404(queryset, **filter)
+
+ obj = get_object_or_404(queryset, **filter)
+ self.check_object_permissions(self.request, obj)
+ return obj
 #### `get_serializer_class(self)`
diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md
index c6372f981..bb7343aff 100644
--- a/docs/api-guide/permissions.md
+++ b/docs/api-guide/permissions.md
@@ -28,6 +28,13 @@
 If you're writing your own views and want to enforce object level permissions, you'll need to explicitly call the `.check_object_permissions(request, obj)` method on the view at the point at which you've retrieved the object. This will either raise a `PermissionDenied` or `NotAuthenticated` exception, or simply return if the view has the appropriate permissions.
+For example:
+
+ def get_object(self):
+ obj = get_object_or_404(self.get_queryset())
+ self.check_object_permissions(self.request, obj)
+ return obj
+
 ## Setting the permission policy
 The default permission policy may be set globally, using the `DEFAULT_PERMISSION_CLASSES` setting. For example.
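Review bot: The `get_object` example added to permissions.md calls `get_object_or_404(self.get_queryset())` with no lookup arguments, so as written it does not select one object and would presumably fail on any queryset holding more than one row. Readers copy these snippets into views where the permission check is the only object-level gate, so the example should show the lookup before the check, for instance `obj = get_object_or_404(self.get_queryset(), pk=self.kwargs["pk"])` (the `pk` key is a constructed sample). The generic-views.md hunk already does this with `**filter`, and the two examples would read better if they matched. It would also help to add one sentence after the example stating that an overridden `get_object` which omits `self.check_object_permissions(self.request, obj)` returns the object without any object-level check.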