diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 8f5de0256..34af28f6e 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -151,6 +151,9 @@ class DjangoObjectPermissions(DjangoModelPermissions): This permission can only be applied against view classes that provide a `.queryset` attribute. """ + + requires_object_permission = True + perms_map = { 'GET': [], 'OPTIONS': [], diff --git a/rest_framework/views.py b/rest_framework/views.py index 41d108e53..29f939377 100644 --- a/rest_framework/views.py +++ b/rest_framework/views.py @@ -7,6 +7,7 @@ from django.core.exceptions import PermissionDenied from django.db import models from django.http import Http404 from django.http.response import HttpResponseBase +from django.shortcuts import get_object_or_404 as _get_object_or_404 from django.utils import six from django.utils.encoding import smart_text from django.utils.translation import ugettext_lazy as _ @@ -382,7 +383,11 @@ class APIView(View): # Ensure that the incoming request is permitted self.perform_authentication(request) - self.check_permissions(request) + if getattr(self, 'requires_object_permission', None) and 'pk' in kwargs: + obj = _get_object_or_404(self.get_queryset(), pk=kwargs['pk']) + self.check_object_permissions(request, obj) + else: + self.check_permissions(request) self.check_throttles(request) def finalize_response(self, request, response, *args, **kwargs):
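Review bot: `requires_object_permission = True` is set on the `DjangoObjectPermissions` permission class, but the `rest_framework/views.py` hunk reads it with `getattr(self, 'requires_object_permission', None)` where `self` is the view, so the flag is never seen unless a view defines an attribute of the same name. Either have the view derive it from its permission instances, e.g. `any(getattr(p, 'requires_object_permission', False) for p in self.get_permissions())`, or state on the attribute who is expected to read it. The class docstring does not mention the flag, so a comment such as `# Signals that has_object_permission() must be evaluated before the handler runs` would help the next reader.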
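Review bot: The new `if` branch in `rest_framework/views.py` replaces `self.check_permissions(request)` instead of adding to it, so on a route with `pk` the view-level `has_permission()` checks are skipped and only `has_object_permission()` runs; a permission class that implements only `has_permission()` would no longer be enforced there. Keep `self.check_permissions(request)` unconditional and call `self.check_object_permissions(request, obj)` after it. Fetching the object before any permission check also means a 404 versus 403 response tells a caller who would have been denied whether the pk exists, and the lookup hard-codes `pk` rather than honouring the view's configured lookup field or queryset filtering. `get_queryset()` appears to be defined on the generic view subclass rather than on `APIView`, so confirm this branch cannot raise `AttributeError` on a plain `APIView`. The enclosing method starts above the hunk.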