Merge pull request #2862 from ticosax/allow-empty-queryset

Prevent empty `queryset`s to raise AssertionError.

rest_framework/permissions.py

@@ -120,9 +120,9 @@ class DjangoModelPermissions(BasePermission):
         if queryset is None and getattr(view, '_ignore_model_permissions', False):
             return True
 
-        assert queryset, (
+        assert queryset is not None, (
             'Cannot apply DjangoModelPermissions on a view that '
-            'does not have `.queryset` property.'
+            'does not have `.queryset` property nor redefines `.get_queryset()`.'
         )
 
         perms = self.get_required_permissions(request.method, queryset.model)

tests/test_permissions.py

@@ -41,9 +41,17 @@ class GetQuerySetListView(generics.ListCreateAPIView):
         return BasicModel.objects.all()
 
 
+class EmptyListView(generics.ListCreateAPIView):
+    queryset = BasicModel.objects.none()
+    serializer_class = BasicSerializer
+    authentication_classes = [authentication.BasicAuthentication]
+    permission_classes = [permissions.DjangoModelPermissions]
+
+
 root_view = RootView.as_view()
 instance_view = InstanceView.as_view()
 get_queryset_list_view = GetQuerySetListView.as_view()
+empty_list_view = EmptyListView.as_view()
 
 
 def basic_auth_header(username, password):
@@ -166,6 +174,11 @@ class ModelPermissionsIntegrationTests(TestCase):
         self.assertIn('actions', response.data)
         self.assertEqual(list(response.data['actions'].keys()), ['PUT'])
 
+    def test_empty_view_does_not_assert(self):
+        request = factory.get('/1', HTTP_AUTHORIZATION=self.permitted_credentials)
+        response = empty_list_view(request, pk=1)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
 
 class BasicPermModel(models.Model):
     text = models.CharField(max_length=100)