encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2024-09-21 11:29:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1050 from filipeximenes/master

Browse Source 
Improving documentation about object level permissions #1049
This commit is contained in:
Tom Christie 2013-08-21 11:52:45 -07:00
commit d900847d98
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/api-guide/generic-views.md
View File

@ -113,7 +113,10 @@ For example:
filter = {}
for field in self.multiple_lookup_fields:
filter[field] = self.kwargs[field]
return get_object_or_404(queryset, **filter)
obj = get_object_or_404(queryset, **filter)
self.check_object_permissions(self.request, obj)
return obj
#### `get_serializer_class(self)`

7
docs/api-guide/permissions.md
View File

@ -28,6 +28,13 @@ If you're writing your own views and want to enforce object level permissions,
you'll need to explicitly call the `.check_object_permissions(request, obj)` method on the view at the point at which you've retrieved the object.
This will either raise a `PermissionDenied` or `NotAuthenticated` exception, or simply return if the view has the appropriate permissions.
For example:
def get_object(self):
obj = get_object_or_404(self.get_queryset())
self.check_object_permissions(self.request, obj)
return obj
## Setting the permission policy
The default permission policy may be set globally, using the `DEFAULT_PERMISSION_CLASSES` setting. For example.