encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-06-27 00:43:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

permissions must return a boolean

Browse Source 
`x and y` actually returns object y when both are true. the means P & IsAuthenticated will fail with TypeError: unsupported operand type(s) for &: 'instance' and 'bool' as IsAuthenticated now returns a CallableBool which does not overload __ror__
This commit is contained in:
Mark Davidoff 2018-10-28 14:12:39 -07:00 committed by GitHub
parent 9d001cd84c
commit 6f2c0dbf4d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rest_framework/permissions.py
View File

@ -110,7 +110,7 @@ class IsAuthenticated(BasePermission):
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
return request.user and request.user.is_authenticated return bool(request.user and request.user.is_authenticated)
class IsAdminUser(BasePermission): class IsAdminUser(BasePermission):
@ -119,7 +119,7 @@ class IsAdminUser(BasePermission):
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
return request.user and request.user.is_staff return bool(request.user and request.user.is_staff)
class IsAuthenticatedOrReadOnly(BasePermission): class IsAuthenticatedOrReadOnly(BasePermission):
@ -128,7 +128,7 @@ class IsAuthenticatedOrReadOnly(BasePermission):
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
return ( return bool(
request.method in SAFE_METHODS or request.method in SAFE_METHODS or
request.user and request.user and
request.user.is_authenticated request.user.is_authenticated