encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-02-18 04:20:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

Doc’d requirement to implement has_object_permission() (#6462)

Browse Source 
…when using provided permission classes.

Closes #6402.
This commit is contained in:
Carlton Gibson 2019-02-19 16:18:55 +01:00 committed by GitHub
parent eb3180173e
commit 6de33effd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/api-guide/permissions.md
View File

@ -48,6 +48,19 @@ For example:
self.check_object_permissions(self.request, obj) self.check_object_permissions(self.request, obj)
return obj return obj
---
**Note**: With the exception of `DjangoObjectPermissions`, the provided
permission classes in `rest_framework.permssions` **do not** implement the
methods necessary to check object permissions.
If you wish to use the provided permission classes in order to check object
permissions, **you must** subclass them and implement the
`has_object_permission()` method described in the [_Custom
permissions_](#custom-permissions) section (below).
---
#### Limitations of object level permissions #### Limitations of object level permissions
For performance reasons the generic views will not automatically apply object level permissions to each instance in a queryset when returning a list of objects. For performance reasons the generic views will not automatically apply object level permissions to each instance in a queryset when returning a list of objects.