encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2024-11-13 05:06:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

docs: Fix authentication / authorization mixup (#8930)

Browse Source 
`IsAuthenticatedOrReadOnly` authorizes users that are not
authenticated for read-only access to resources.

Therefore, they are unauthenticated users, not unauthorized users.
This commit is contained in:
Christian Franke 2023-04-04 10:44:59 +02:00 committed by GitHub
parent 3428cec194
commit ea03e95174
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/api-guide/permissions.md
View File

@ -165,7 +165,7 @@ This permission is suitable if you want your API to only be accessible to a subs
## IsAuthenticatedOrReadOnly ## IsAuthenticatedOrReadOnly
The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any request. Requests for unauthorized users will only be permitted if the request method is one of the "safe" methods; `GET`, `HEAD` or `OPTIONS`. The `IsAuthenticatedOrReadOnly` will allow authenticated users to perform any request. Requests for unauthenticated users will only be permitted if the request method is one of the "safe" methods; `GET`, `HEAD` or `OPTIONS`.
This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users. This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.