mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-08-01 11:00:13 +03:00
permissions: Add documentation about composed permissions
This commit is contained in:
parent
daea006433
commit
735ede6340
|
@ -102,6 +102,27 @@ Or, if you're using the `@api_view` decorator with function based views.
|
|||
|
||||
__Note:__ when you set new permission classes through class attribute or decorators you're telling the view to ignore the default list set over the __settings.py__ file.
|
||||
|
||||
Provided they inherit from `rest_framework.permissions.BasePermission`, permissions can be composed using standard Python bitwise operators. For example, `IsAdminOrReadOnly` could be written:
|
||||
|
||||
from rest_framework.permissions import BasePermission, IsAuthenticated
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.views import APIView
|
||||
|
||||
class ReadOnly(BasePermission):
|
||||
def has_permission(self, request, view):
|
||||
return request.method in SAFE_METHODS
|
||||
|
||||
class ExampleView(APIView):
|
||||
permission_classes = (IsAuthenticated|ReadOnly)
|
||||
|
||||
def get(self, request, format=None):
|
||||
content = {
|
||||
'status': 'request was permitted'
|
||||
}
|
||||
return Response(content)
|
||||
|
||||
__Note:__ it only supports & -and- and | -or-.
|
||||
|
||||
---
|
||||
|
||||
# API Reference
|
||||
|
|
Loading…
Reference in New Issue
Block a user