From 735ede6340d22fd0aef1b6bcbd80242fe189e28c Mon Sep 17 00:00:00 2001
From: Xavier Ordoquy
Date: Tue, 2 Oct 2018 17:11:40 +0200
Subject: [PATCH] permissions: Add documentation about composed permissions

---
 docs/api-guide/permissions.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md
index f5fc214cd..52bbb4746 100644
--- a/docs/api-guide/permissions.md
+++ b/docs/api-guide/permissions.md
@@ -102,6 +102,27 @@ Or, if you're using the `@api_view` decorator with function based views.

 __Note:__ when you set new permission classes through class attribute or decorators you're telling the view to ignore the default list set over the __settings.py__ file.

+Provided they inherit from `rest_framework.permissions.BasePermission`, permissions can be composed using standard Python bitwise operators. For example, `IsAdminOrReadOnly` could be written:
+
+ from rest_framework.permissions import BasePermission, IsAuthenticated
+ from rest_framework.response import Response
+ from rest_framework.views import APIView
+
+ class ReadOnly(BasePermission):
+ def has_permission(self, request, view):
+ return request.method in SAFE_METHODS
+
+ class ExampleView(APIView):
+ permission_classes = (IsAuthenticated|ReadOnly)
+
+ def get(self, request, format=None):
+ content = {
+ 'status': 'request was permitted'
+ }
+ return Response(content)
+
+__Note:__ it only supports & -and- and | -or-.
+
 ---

 # API Reference