encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-03-03 19:00:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update docs on object-level permissions.

Browse Source 
Closes #801.
This commit is contained in:
Tom Christie 2013-04-27 14:29:32 +02:00
parent eaac152940
commit 73019f91fe
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/api-guide/permissions.md
View File

@ -21,7 +21,12 @@ If any permission check fails an `exceptions.PermissionDenied` exception will be
REST framework permissions also support object-level permissioning. Object level permissions are used to determine if a user should be allowed to act on a particular object, which will typically be a model instance.
Object level permissions are run by REST framework's generic views when `.get_object()` is called. As with view level permissions, an `exceptions.PermissionDenied` exception will be raised if the user is not allowed to act on the given object.
Object level permissions are run by REST framework's generic views when `.get_object()` is called.
As with view level permissions, an `exceptions.PermissionDenied` exception will be raised if the user is not allowed to act on the given object.
If you're writing your own views and want to enforce object level permissions,
you'll need to explicitly call the `.check_object_permissions(request, obj)` method on the view at the point at which you've retrieved the object.
This will either raise a `PermissionDenied` or `NotAuthenticated` exception, or simply return if the view has the appropraite permissions.
## Setting the permission policy