From b11f37eaf314b983c7a21abcea231f69ea31da1b Mon Sep 17 00:00:00 2001 From: Irvan Date: Thu, 7 Sep 2017 11:06:44 +0800 Subject: [PATCH] Fixed the MultipleFieldLookupMixin example to properly check for object level permission. --- docs/api-guide/generic-views.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/api-guide/generic-views.md b/docs/api-guide/generic-views.md index 0170256f2..381f1fe73 100644 --- a/docs/api-guide/generic-views.md +++ b/docs/api-guide/generic-views.md @@ -330,7 +330,9 @@ For example, if you need to lookup objects based on multiple fields in the URL c for field in self.lookup_fields: if self.kwargs[field]: # Ignore empty fields. filter[field] = self.kwargs[field] - return get_object_or_404(queryset, **filter) # Lookup the object + obj = get_object_or_404(queryset, **filter) # Lookup the object + self.check_object_permissions(self.request, obj) + return obj You can then simply apply this mixin to a view or viewset anytime you need to apply the custom behavior.