diff --git a/rest_framework/exceptions.py b/rest_framework/exceptions.py
index 345a40524..4e846c39e 100644
--- a/rest_framework/exceptions.py
+++ b/rest_framework/exceptions.py
@@ -101,10 +101,8 @@ class APIException(Exception):
     default_code = 'error'
 
     def __init__(self, detail=None, code=None):
-        if detail is None:
-            detail = self.default_detail
-        if code is None:
-            code = self.default_code
+        detail = detail or self.default_detail
+        code = code or self.default_code
 
         self.detail = _get_error_details(detail, code)
 
@@ -141,10 +139,8 @@ class ValidationError(APIException):
     default_code = 'invalid'
 
     def __init__(self, detail=None, code=None):
-        if detail is None:
-            detail = self.default_detail
-        if code is None:
-            code = self.default_code
+        detail = detail or self.default_detail
+        code = code or self.default_code
 
         # For validation failures, we may collect many errors together,
         # so the details should always be coerced to a list if not already.
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 3a8c58064..9e29037e9 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -102,6 +102,8 @@ class BasePermission(metaclass=BasePermissionMetaclass):
     """
     A base class from which all permission classes should inherit.
     """
+    message = None
+    code = None
 
     def has_permission(self, request, view):
         """
diff --git a/rest_framework/views.py b/rest_framework/views.py
index bec10560a..7c21edf5a 100644
--- a/rest_framework/views.py
+++ b/rest_framework/views.py
@@ -166,13 +166,13 @@ class APIView(View):
         """
         raise exceptions.MethodNotAllowed(request.method)
 
-    def permission_denied(self, request, message=None):
+    def permission_denied(self, request, message=None, code=None):
         """
         If request is not permitted, determine what kind of exception to raise.
         """
         if request.authenticators and not request.successful_authenticator:
             raise exceptions.NotAuthenticated()
-        raise exceptions.PermissionDenied(detail=message)
+        raise exceptions.PermissionDenied(detail=message, code=code)
 
     def throttled(self, request, wait):
         """
@@ -330,9 +330,7 @@ class APIView(View):
         """
         for permission in self.get_permissions():
             if not permission.has_permission(request, self):
-                self.permission_denied(
-                    request, message=getattr(permission, 'message', None)
-                )
+                self.permission_denied(request, permission.message, permission.code)
 
     def check_object_permissions(self, request, obj):
         """
@@ -341,9 +339,7 @@ class APIView(View):
         """
         for permission in self.get_permissions():
             if not permission.has_object_permission(request, self, obj):
-                self.permission_denied(
-                    request, message=getattr(permission, 'message', None)
-                )
+                self.permission_denied(request, permission.message, permission.code)
 
     def check_throttles(self, request):
         """