mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-08-04 20:40:14 +03:00
Merge 37634ecdd8
into fd72a814f8
This commit is contained in:
commit
51bcb81db2
|
@ -130,6 +130,12 @@ The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any re
|
|||
|
||||
This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.
|
||||
|
||||
## IsAuthenticatedAndReadOnly
|
||||
|
||||
The `IsAuthenticatedAndReadOnly` will allow authenticated users to perform one of the "safe" methods. All requests for unauthorised users will denied.
|
||||
|
||||
This permission is suitable if you want to your API to be only accessible to registered users for readonly access.
|
||||
|
||||
## DjangoModelPermissions
|
||||
|
||||
This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. This permission must only be applied to views that have a `.queryset` property set. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned.
|
||||
|
|
|
@ -72,6 +72,19 @@ class IsAuthenticatedOrReadOnly(BasePermission):
|
|||
)
|
||||
|
||||
|
||||
class IsAuthenticatedAndReadOnly(BasePermission):
|
||||
"""
|
||||
The request is authenticated as a user and is a read-only request.
|
||||
"""
|
||||
|
||||
def has_permission(self, request, view):
|
||||
return (
|
||||
request.method in SAFE_METHODS and
|
||||
request.user and
|
||||
request.user.is_authenticated()
|
||||
)
|
||||
|
||||
|
||||
class DjangoModelPermissions(BasePermission):
|
||||
"""
|
||||
The request is authenticated using `django.contrib.auth` permissions.
|
||||
|
|
Loading…
Reference in New Issue
Block a user