mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-10 19:56:59 +03:00
Fixed the MultipleFieldLookupMixin example to properly check for object level permission.
This commit is contained in:
parent
71ad99e0b2
commit
b11f37eaf3
|
@ -330,7 +330,9 @@ For example, if you need to lookup objects based on multiple fields in the URL c
|
||||||
for field in self.lookup_fields:
|
for field in self.lookup_fields:
|
||||||
if self.kwargs[field]: # Ignore empty fields.
|
if self.kwargs[field]: # Ignore empty fields.
|
||||||
filter[field] = self.kwargs[field]
|
filter[field] = self.kwargs[field]
|
||||||
return get_object_or_404(queryset, **filter) # Lookup the object
|
obj = get_object_or_404(queryset, **filter) # Lookup the object
|
||||||
|
self.check_object_permissions(self.request, obj)
|
||||||
|
return obj
|
||||||
|
|
||||||
You can then simply apply this mixin to a view or viewset anytime you need to apply the custom behavior.
|
You can then simply apply this mixin to a view or viewset anytime you need to apply the custom behavior.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user