mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-24 02:24:03 +03:00
Update perms_map in DjangoModelPermissions and DjangoObjectPermissions
Django permissions allows for 'view_modelname'. When users have view_modelname permission, these permission classes don't recognize it and reject access to the user. My specific case was assigning customers to a group with the group having specific permissions allowed from the model permissions. Made this edit in an extension of DjangoModelPermissions to make it work. Thought it would be useful to have inherently.
This commit is contained in:
parent
1ec0f86b58
commit
35025adef8
|
@ -175,7 +175,7 @@ class DjangoModelPermissions(BasePermission):
|
|||
# Override this if you need to also provide 'view' permissions,
|
||||
# or if you want to provide custom permission codes.
|
||||
perms_map = {
|
||||
'GET': [],
|
||||
'GET': ['%(app_label)s.view_%(model_name)s'],
|
||||
'OPTIONS': [],
|
||||
'HEAD': [],
|
||||
'POST': ['%(app_label)s.add_%(model_name)s'],
|
||||
|
@ -252,7 +252,7 @@ class DjangoObjectPermissions(DjangoModelPermissions):
|
|||
provide a `.queryset` attribute.
|
||||
"""
|
||||
perms_map = {
|
||||
'GET': [],
|
||||
'GET': ['%(app_label)s.view_%(model_name)s'],
|
||||
'OPTIONS': [],
|
||||
'HEAD': [],
|
||||
'POST': ['%(app_label)s.add_%(model_name)s'],
|
||||
|
|
Loading…
Reference in New Issue
Block a user