Merge 37634ecdd8 into fd72a814f8

docs/api-guide/permissions.md

@@ -130,6 +130,12 @@ The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any re
 
 This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.
 
+## IsAuthenticatedAndReadOnly
+
+The `IsAuthenticatedAndReadOnly` will allow authenticated users to perform one of the "safe" methods.  All requests for unauthorised users will denied.
+
+This permission is suitable if you want to your API to be only accessible to registered users for readonly access.
+
 ## DjangoModelPermissions
 
 This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth].  This permission must only be applied to views that have a `.queryset` property set. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned.

rest_framework/permissions.py

@@ -72,6 +72,19 @@ class IsAuthenticatedOrReadOnly(BasePermission):
         )
 
 
+class IsAuthenticatedAndReadOnly(BasePermission):
+    """
+    The request is authenticated as a user and is a read-only request.
+    """
+
+    def has_permission(self, request, view):
+        return (
+            request.method in SAFE_METHODS and
+            request.user and
+            request.user.is_authenticated()
+        )
+
+
 class DjangoModelPermissions(BasePermission):
     """
     The request is authenticated using `django.contrib.auth` permissions.