encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2024-11-21 17:16:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

docs: Fix authentication / authorization mixup (#8930)

Browse Source 
`IsAuthenticatedOrReadOnly` authorizes users that are not
authenticated for read-only access to resources.

Therefore, they are unauthenticated users, not unauthorized users.
This commit is contained in:
Christian Franke 2023-04-04 10:44:59 +02:00 committed by GitHub
parent 3428cec194
commit ea03e95174
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/api-guide/permissions.md
View File

@ -165,7 +165,7 @@ This permission is suitable if you want your API to only be accessible to a subs
## IsAuthenticatedOrReadOnly
The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any request. Requests for unauthorized users will only be permitted if the request method is one of the "safe" methods; `GET`, `HEAD` or `OPTIONS`.
The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any request. Requests for unauthenticated users will only be permitted if the request method is one of the "safe" methods; `GET`, `HEAD` or `OPTIONS`.
This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.