From f71f3aa422b528ebddfa817639dee74ba62a003b Mon Sep 17 00:00:00 2001 From: Craig Blaszczyk Date: Tue, 26 Jul 2011 11:57:33 +0100 Subject: [PATCH] reword error message when user not logged in; add request to permission (so we can check permissions based on the type of request) --- djangorestframework/mixins.py | 1 + djangorestframework/permissions.py | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/djangorestframework/mixins.py b/djangorestframework/mixins.py index 6e66cfe45..f3964ad7f 100644 --- a/djangorestframework/mixins.py +++ b/djangorestframework/mixins.py @@ -388,6 +388,7 @@ class AuthMixin(object): user = self.user for permission_cls in self.permissions: permission = permission_cls(self) + permission.request = self.request permission.check_permission(user) diff --git a/djangorestframework/permissions.py b/djangorestframework/permissions.py index 59c5f481f..2540218fd 100644 --- a/djangorestframework/permissions.py +++ b/djangorestframework/permissions.py @@ -26,6 +26,10 @@ _403_FORBIDDEN_RESPONSE = ErrorResponse( {'detail': 'You do not have permission to access this resource. ' + 'You may need to login or otherwise authenticate the request.'}) +_403_NOT_LOGGED_IN_RESPONSE = ErrorResponse( + status.HTTP_403_FORBIDDEN, + {'detail': 'You need to login to access this resource.'}) + _503_SERVICE_UNAVAILABLE = ErrorResponse( status.HTTP_503_SERVICE_UNAVAILABLE, {'detail': 'request was throttled'}) @@ -64,7 +68,7 @@ class IsAuthenticated(BasePermission): def check_permission(self, user): if not user.is_authenticated(): - raise _403_FORBIDDEN_RESPONSE + raise _403_NOT_LOGGED_IN_RESPONSE class IsAdminUser(BasePermission):