From b903f4ac98a03ffa745c89b5e0d82cd88e520924 Mon Sep 17 00:00:00 2001 From: Sanghyeok Lee Date: Thu, 9 Feb 2017 17:27:32 +0900 Subject: [PATCH 1/2] Add Permission 'code' attribute --- rest_framework/views.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/rest_framework/views.py b/rest_framework/views.py index 92911e8df..248c9c78e 100644 --- a/rest_framework/views.py +++ b/rest_framework/views.py @@ -161,13 +161,13 @@ class APIView(View): """ raise exceptions.MethodNotAllowed(request.method) - def permission_denied(self, request, message=None): + def permission_denied(self, request, message=None, code=None): """ If request is not permitted, determine what kind of exception to raise. """ if request.authenticators and not request.successful_authenticator: raise exceptions.NotAuthenticated() - raise exceptions.PermissionDenied(detail=message) + raise exceptions.PermissionDenied(detail=message, code=code) def throttled(self, request, wait): """ @@ -326,7 +326,9 @@ class APIView(View): for permission in self.get_permissions(): if not permission.has_permission(request, self): self.permission_denied( - request, message=getattr(permission, 'message', None) + request, + message=getattr(permission, 'message', None), + code=getattr(permission, 'code', None) ) def check_object_permissions(self, request, obj): @@ -337,7 +339,9 @@ class APIView(View): for permission in self.get_permissions(): if not permission.has_object_permission(request, self, obj): self.permission_denied( - request, message=getattr(permission, 'message', None) + request, + message=getattr(permission, 'message', None), + code=getattr(permission, 'code', None) ) def check_throttles(self, request): From 8985aa94d0a054cd59231397530ff2bd1fd954d0 Mon Sep 17 00:00:00 2001 From: Sanghyeok Lee Date: Fri, 28 Apr 2017 02:30:36 +0900 Subject: [PATCH 2/2] add 'api_settings.USE_PERMISSION_CODE' --- docs/api-guide/settings.md | 6 ++++++ rest_framework/settings.py | 2 ++ rest_framework/views.py | 4 ++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/api-guide/settings.md b/docs/api-guide/settings.md index aaedd463e..43db46152 100644 --- a/docs/api-guide/settings.md +++ b/docs/api-guide/settings.md @@ -456,6 +456,12 @@ An integer of 0 or more, that may be used to specify the number of application p Default: `None` +#### USE_PERMISSION_CODE + +USE_PERMISSION_CODE determines whether BasePermission.code is used in exceptions.PermissionDenied. + +Default: `False` + [cite]: https://www.python.org/dev/peps/pep-0020/ [rfc4627]: http://www.ietf.org/rfc/rfc4627.txt [heroku-minified-json]: https://github.com/interagent/http-api-design#keep-json-minified-in-all-responses diff --git a/rest_framework/settings.py b/rest_framework/settings.py index b699d7caf..2bb690d34 100644 --- a/rest_framework/settings.py +++ b/rest_framework/settings.py @@ -122,6 +122,8 @@ DEFAULTS = { 'retrieve': 'read', 'destroy': 'delete' }, + + 'USE_PERMISSION_CODE': False, } diff --git a/rest_framework/views.py b/rest_framework/views.py index 248c9c78e..6e03b8b14 100644 --- a/rest_framework/views.py +++ b/rest_framework/views.py @@ -328,7 +328,7 @@ class APIView(View): self.permission_denied( request, message=getattr(permission, 'message', None), - code=getattr(permission, 'code', None) + code=getattr(permission, 'code', None) if api_settings.USE_PERMISSION_CODE else None ) def check_object_permissions(self, request, obj): @@ -341,7 +341,7 @@ class APIView(View): self.permission_denied( request, message=getattr(permission, 'message', None), - code=getattr(permission, 'code', None) + code=getattr(permission, 'code', None) if api_settings.USE_PERMISSION_CODE else None ) def check_throttles(self, request):