encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-02-03 05:04:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Back out permissions example change in favor of easier to follow example

Browse Source
This commit is contained in:
Tom Christie 2013-12-23 09:12:34 +00:00
parent c385723648
commit d8a95b4b6d
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/tutorial/4-authentication-and-permissions.md
View File

@ -163,12 +163,15 @@ In the snippets app, create a new file, `permissions.py`
""" """
Custom permission to only allow owners of an object to edit it. Custom permission to only allow owners of an object to edit it.
""" """
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request, # Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests. # so we'll always allow GET, HEAD or OPTIONS requests.
# Write permissions are only allowed to the owner of the snippet if request.method in permissions.SAFE_METHODS:
return request.method in permissions.SAFE_METHODS or obj.owner == request.user return True
# Write permissions are only allowed to the owner of the snippet.
return obj.owner == request.user
Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class: Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class: