encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2024-11-10 19:56:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

better doc for object permissions, drop redundant has_permission call

Browse Source
This commit is contained in:
bwreilly 2013-09-09 09:32:29 -07:00
parent 0183c69538
commit 23fc9dd53f
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
rest_framework/permissions.py
View File

@ -154,7 +154,14 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions):
class DjangoObjectLevelModelPermissions(DjangoModelPermissions):
"""
Basic object level permissions utilizing django-guardian.
The request is authenticated using `django.contrib.auth` permissions.
See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions
It ensures that the user is authenticated, and has the appropriate
`add`/`change`/`delete` permissions on the object using .has_perms.
This permission can only be applied against view classes that
provide a `.model` or `.queryset` attribute.
"""
actions_map = {
@ -173,12 +180,6 @@ class DjangoObjectLevelModelPermissions(DjangoModelPermissions):
}
return [perm % kwargs for perm in self.actions_map[method]]
def has_permission(self, request, view):
if getattr(view, 'action', None) == 'list':
queryset = view.get_queryset()
view.queryset = ObjectPermissionReaderFilter().filter_queryset(request, queryset, view)
return super(DjangoObjectLevelModelPermissions, self).has_permission(request, view)
def has_object_permission(self, request, view, obj):
model_cls = getattr(view, 'model', None)
queryset = getattr(view, 'queryset', None)