mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-27 03:54:01 +03:00
Fix permission issues
This commit is contained in:
parent
ef5279e97c
commit
367dd01a33
|
@ -41,7 +41,7 @@ class IsAuthenticated(BasePermission):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def check_permission(self, request, obj=None):
|
def check_permission(self, request, obj=None):
|
||||||
if request.user.is_authenticated():
|
if request.user and request.user.is_authenticated():
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@ -52,7 +52,7 @@ class IsAdminUser(BasePermission):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def check_permission(self, request, obj=None):
|
def check_permission(self, request, obj=None):
|
||||||
if request.user.is_staff:
|
if request.user and request.user.is_staff():
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@ -63,8 +63,9 @@ class IsAuthenticatedOrReadOnly(BasePermission):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def check_permission(self, request, obj=None):
|
def check_permission(self, request, obj=None):
|
||||||
if (request.user.is_authenticated() or
|
if (request.method in SAFE_METHODS or
|
||||||
request.method in SAFE_METHODS):
|
request.user and
|
||||||
|
request.user.is_authenticated()):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@ -108,6 +109,8 @@ class DjangoModelPermissions(BasePermission):
|
||||||
model_cls = self.view.model
|
model_cls = self.view.model
|
||||||
perms = self.get_required_permissions(request.method, model_cls)
|
perms = self.get_required_permissions(request.method, model_cls)
|
||||||
|
|
||||||
if request.user.is_authenticated() and request.user.has_perms(perms, obj):
|
if (request.user and
|
||||||
|
request.user.is_authenticated() and
|
||||||
|
request.user.has_perms(perms, obj)):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
Loading…
Reference in New Issue
Block a user