Add a permission allowing readonly access for authenticated users

docs/api-guide/permissions.md

@@ -124,6 +124,12 @@ The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any re
 
 This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.
 
+## IsAuthenticatedAndReadOnly
+
+The `IsAuthenticatedAndReadOnly` will allow authenticated users to perform one of the "safe" methods.  All requests for unauthorised users will denied.
+
+This permission is suitable if you want to your API to be only accessible to registered users for readonly access.
+
 ## DjangoModelPermissions
 
 This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth].  This permission must only be applied to views that has a `.queryset` property set. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned.

rest_framework/permissions.py

@@ -68,6 +68,19 @@ class IsAuthenticatedOrReadOnly(BasePermission):
         )
 
 
+class IsAuthenticatedAndReadOnly(BasePermission):
+    """
+    The request is authenticated as a user and is a read-only request.
+    """
+
+    def has_permission(self, request, view):
+        return (
+            request.method in SAFE_METHODS and
+            request.user and
+            request.user.is_authenticated()
+        )
+
+
 class DjangoModelPermissions(BasePermission):
     """
     The request is authenticated using `django.contrib.auth` permissions.