mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-29 13:04:03 +03:00
Stronger calling out of 'DjangoObjectPermissionsFilter'. Closes #1934.
This commit is contained in:
parent
0a5d088287
commit
571440e143
|
@ -146,7 +146,13 @@ As with `DjangoModelPermissions`, this permission must only be applied to views
|
||||||
|
|
||||||
Note that `DjangoObjectPermissions` **does not** require the `django-guardian` package, and should support other object-level backends equally well.
|
Note that `DjangoObjectPermissions` **does not** require the `django-guardian` package, and should support other object-level backends equally well.
|
||||||
|
|
||||||
As with `DjangoModelPermissions` you can use custom model permissions by overriding `DjangoModelPermissions` and setting the `.perms_map` property. Refer to the source code for details. Note that if you add a custom `view` permission for `GET`, `HEAD` and `OPTIONS` requests, you'll probably also want to consider adding the `DjangoObjectPermissionsFilter` class to ensure that list endpoints only return results including objects for which the user has appropriate view permissions.
|
As with `DjangoModelPermissions` you can use custom model permissions by overriding `DjangoModelPermissions` and setting the `.perms_map` property. Refer to the source code for details.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests, you'll want to consider also adding the `DjangoObjectPermissionsFilter` class to ensure that list endpoints only return results including objects for which the user has appropriate view permissions.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## TokenHasReadWriteScope
|
## TokenHasReadWriteScope
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user