From c579f3f3059a605d2bf114cdcecdf02aa273e91a Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Tue, 19 Feb 2019 15:49:55 +0100 Subject: [PATCH] =?UTF-8?q?Doc=E2=80=99d=20requirement=20to=20implement=20?= =?UTF-8?q?has=5Fobject=5Fpermission()?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …when using provided permission classes. Closes #6402. --- docs/api-guide/permissions.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index e04b1199b..a797da9ac 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -48,6 +48,19 @@ For example: self.check_object_permissions(self.request, obj) return obj +--- + +**Note**: With the exception of `DjangoObjectPermissions`, the provided +permission classes in `rest_framework.permssions` **do not** implement the +methods necessary to check object permissions. + +If you wish to use the provided permission classes in order to check object +permissions, **you must** subclass them and implement the +`has_object_permission()` method described in the [_Custom +permissions_](#custom-permissions) section (below). + +--- + #### Limitations of object level permissions For performance reasons the generic views will not automatically apply object level permissions to each instance in a queryset when returning a list of objects.