From 6bd2205833e463073e271c0d408dfa69b23c1a97 Mon Sep 17 00:00:00 2001
From: Camille Harang <mammique@yooook.net>
Date: Thu, 2 Feb 2012 03:06:55 +0100
Subject: [PATCH] Adding permission IsModelInstanceOwnerOrIsAnonReadOnly

---
 djangorestframework/permissions.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/djangorestframework/permissions.py b/djangorestframework/permissions.py
index dfe55ce94..0de1d16d8 100644
--- a/djangorestframework/permissions.py
+++ b/djangorestframework/permissions.py
@@ -77,6 +77,27 @@ class IsAdminUser(BasePermission):
             raise _403_FORBIDDEN_RESPONSE
 
 
+class IsModelInstanceOwnerOrIsAnonReadOnly(BasePermission):
+    """
+    The request is authenticated as the owner of the model instance, or is a read-only request.
+    """
+
+    def check_permission(self, user):
+
+        if self.view.method in('GET', 'HEAD',):
+            return
+
+        if not user.is_authenticated():
+            raise _403_FORBIDDEN_RESPONSE
+
+        try:
+            if self.view.model_instance.get_owner() == user:
+                return
+        except: pass
+
+        raise _403_FORBIDDEN_RESPONSE
+
+
 class IsUserOrIsAnonReadOnly(BasePermission):
     """
     The request is authenticated as a user, or is a read-only request.