encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-01-25 00:34:21 +03:00
Code Issues Packages Projects Releases Wiki Activity

check authentication after checking ModelResource

Browse Source
This commit is contained in:
Camille Harang 2012-02-11 01:54:28 +01:00
parent bc80eb266f
commit b236241982
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
djangorestframework/permissions.py
View File

@ -99,16 +99,16 @@ class DjangoModelPermisson(BasePermission):
if self.view.request.method in ('GET', 'OPTIONS', 'HEAD',): if self.view.request.method in ('GET', 'OPTIONS', 'HEAD',):
return return
# User must be logged in to check permissions.
if not hasattr(self.view.request, 'user') or not self.view.request.user.is_authenticated():
raise _403_FORBIDDEN_RESPONSE
klass = self.view.resource.model klass = self.view.resource.model
# If it doesn't look like a model, we can't check permissions. # If it doesn't look like a model, we can't check permissions.
if not klass or not getattr(klass, '_meta', None): if not klass or not getattr(klass, '_meta', None):
return return
# User must be logged in to check permissions.
if not hasattr(self.view.request, 'user') or not self.view.request.user.is_authenticated():
raise _403_FORBIDDEN_RESPONSE
permission_map = { permission_map = {
'POST': ['%s.add_%s'], 'POST': ['%s.add_%s'],
'PUT': ['%s.change_%s'], 'PUT': ['%s.change_%s'],