encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-08-05 04:50:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add a permission allowing readonly access for authenticated users

Browse Source
This commit is contained in:
Panagiotis Issaris 2015-03-12 18:28:14 +01:00
parent 36e30c8f91
commit 37634ecdd8
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/api-guide/permissions.md
View File

@ -124,6 +124,12 @@ The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any re
This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.
## IsAuthenticatedAndReadOnly
The `IsAuthenticatedAndReadOnly` will allow authenticated users to perform one of the "safe" methods. All requests for unauthorised users will denied.
This permission is suitable if you want to your API to be only accessible to registered users for readonly access.
## DjangoModelPermissions
This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. This permission must only be applied to views that has a `.queryset` property set. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned.

13
rest_framework/permissions.py
View File

@ -68,6 +68,19 @@ class IsAuthenticatedOrReadOnly(BasePermission):
)
class IsAuthenticatedAndReadOnly(BasePermission):
"""
The request is authenticated as a user and is a read-only request.
"""
def has_permission(self, request, view):
return (
request.method in SAFE_METHODS and
request.user and
request.user.is_authenticated()
)
class DjangoModelPermissions(BasePermission):
"""
The request is authenticated using `django.contrib.auth` permissions.