Merge 81632585a7 into 871ce34983

2025-08-04 20:40:14 +03:00 · 2017-05-25 10:22:33 +00:00 · 2017-05-25 10:22:33 +00:00 · 95fac27e41
commit 95fac27e41
parent 871ce34983 81632585a7
3 changed files with 16 additions and 4 deletions
--- a/docs/api-guide/settings.md
+++ b/docs/api-guide/settings.md
@ -456,6 +456,12 @@ An integer of 0 or more, that may be used to specify the number of application p

 Default: `None`

+#### USE_PERMISSION_CODE
+
+USE_PERMISSION_CODE determines whether BasePermission.code is used in exceptions.PermissionDenied.
+
+Default: `False`
+
 [cite]: https://www.python.org/dev/peps/pep-0020/
 [rfc4627]: http://www.ietf.org/rfc/rfc4627.txt
 [heroku-minified-json]: https://github.com/interagent/http-api-design#keep-json-minified-in-all-responses
--- a/rest_framework/settings.py
+++ b/rest_framework/settings.py
@ -123,6 +123,8 @@ DEFAULTS = {
        'retrieve': 'read',
        'destroy': 'delete'
    },
+
+    'USE_PERMISSION_CODE': False,
 }


--- a/rest_framework/views.py
+++ b/rest_framework/views.py
@ -162,13 +162,13 @@ class APIView(View):
        """
        raise exceptions.MethodNotAllowed(request.method)

-    def permission_denied(self, request, message=None):
+    def permission_denied(self, request, message=None, code=None):
        """
        If request is not permitted, determine what kind of exception to raise.
        """
        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated()
-        raise exceptions.PermissionDenied(detail=message)
+        raise exceptions.PermissionDenied(detail=message, code=code)

    def throttled(self, request, wait):
        """
@ -327,7 +327,9 @@ class APIView(View):
        for permission in self.get_permissions():
            if not permission.has_permission(request, self):
                self.permission_denied(
-                    request, message=getattr(permission, 'message', None)
+                    request,
+                    message=getattr(permission, 'message', None),
+                    code=getattr(permission, 'code', None) if api_settings.USE_PERMISSION_CODE else None
                )

    def check_object_permissions(self, request, obj):
@ -338,7 +340,9 @@ class APIView(View):
        for permission in self.get_permissions():
            if not permission.has_object_permission(request, self, obj):
                self.permission_denied(
-                    request, message=getattr(permission, 'message', None)
+                    request,
+                    message=getattr(permission, 'message', None),
+                    code=getattr(permission, 'code', None) if api_settings.USE_PERMISSION_CODE else None
                )

    def check_throttles(self, request):