permissions: Add documentation about composed permissions

2025-08-01 11:00:13 +03:00 · 2018-10-02 17:11:40 +02:00 · 2018-10-02 17:11:40 +02:00 · 735ede6340
commit 735ede6340
parent daea006433
1 changed files with 21 additions and 0 deletions
--- a/docs/api-guide/permissions.md
+++ b/docs/api-guide/permissions.md
@ -102,6 +102,27 @@ Or, if you're using the `@api_view` decorator with function based views.

 __Note:__ when you set new permission classes through class attribute or decorators you're telling the view to ignore the default list set over the __settings.py__ file.

+Provided they inherit from `rest_framework.permissions.BasePermission`, permissions can be composed using standard Python bitwise operators. For example, `IsAdminOrReadOnly` could be written:
+
+    from rest_framework.permissions import BasePermission, IsAuthenticated
+    from rest_framework.response import Response
+    from rest_framework.views import APIView
+
+    class ReadOnly(BasePermission):
+        def has_permission(self, request, view):
+            return request.method in SAFE_METHODS
+
+    class ExampleView(APIView):
+        permission_classes = (IsAuthenticated|ReadOnly)
+
+        def get(self, request, format=None):
+            content = {
+                'status': 'request was permitted'
+            }
+            return Response(content)
+
+__Note:__ it only supports & -and- and | -or-.
+
 ---

 # API Reference