encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-08-04 20:40:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge 37634ecdd8 into fd72a814f8

Browse Source
This commit is contained in:
Panagiotis H.M. Issaris 2017-04-16 13:59:34 +00:00 committed by GitHub
commit 51bcb81db2
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/api-guide/permissions.md
View File

@ -130,6 +130,12 @@ The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any re
This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.
## IsAuthenticatedAndReadOnly
The `IsAuthenticatedAndReadOnly` will allow authenticated users to perform one of the "safe" methods. All requests for unauthorised users will denied.
This permission is suitable if you want to your API to be only accessible to registered users for readonly access.
## DjangoModelPermissions
This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. This permission must only be applied to views that have a `.queryset` property set. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned.

13
rest_framework/permissions.py
View File

@ -72,6 +72,19 @@ class IsAuthenticatedOrReadOnly(BasePermission):
)
class IsAuthenticatedAndReadOnly(BasePermission):
"""
The request is authenticated as a user and is a read-only request.
"""
def has_permission(self, request, view):
return (
request.method in SAFE_METHODS and
request.user and
request.user.is_authenticated()
)
class DjangoModelPermissions(BasePermission):
"""
The request is authenticated using `django.contrib.auth` permissions.