Xavier Ordoquy
b41a6cfa38
permissions: Allow permissions to be composed ( #5753 )
...
* permissions: Allow permissions to be composed
Implement a system to compose permissions with and / or.
This is performed by returning an `OperationHolder` instance that keeps the
permission classes and type of composition (and / or).
When called it will return a AND/OR instance that will then delegate the
permission check to the operands.
* permissions: Add documentation about composed permissions
* Fix documentation typo in permissions
2018-10-03 15:36:24 +01:00
Carlton Gibson
c674687782
Remove Django 1.8 & 1.9 compatibility code ( #5481 )
...
* Identify code that needs to be pulled out of/removed from compat.py
* Extract modern code from get_names_and_managers in compat.py and remove compat code
* Extract modern code from is_authenticated() in compat.py and remove.
* Extract modern code from is_anonymous() in compat.py and remove
* Extract modern code from get_related_model() from compat.py and remove
* Extract modern code from value_from_object() in compat.py and remove
* Update postgres compat
JSONField now always available.
* Remove DecimalValidator compat
* Remove get_remote_field compat
* Remove template_render compat
Plus isort.
* Remove set_many compat
* Remove include compat
2017-10-05 20:41:38 +02:00
Ryan P Kilby
23b2d8099b
Unify QS handling for model/object permissions
2017-09-01 13:56:39 -04:00
Denis Untevskiy
c8773671e7
+ Rejecting anonymous in DjangoModelPermissions *before* the .get_queryset call
2017-08-30 17:10:39 -04:00
Carlton Gibson
6a3b8cfa4c
Adjust wording
2017-08-22 20:44:19 +02:00
Felipe Bidu
6f2c3bcb12
Further clarifying the message when get_queryset returns None to include the class name that was called
2017-08-22 12:13:22 -03:00
Felipe Bidu
5fd01d06ab
Adding a more explicit error message when a view does have a get_queryset method but it returned nothing
2017-08-22 11:00:19 -03:00
Tom Christie
68d2020112
Live API documentation ( #4755 )
2017-03-03 15:24:37 +00:00
tdruez
06a1e12fd8
Fixed Permissions.get_required_object_permissions for #4927
2017-02-28 17:51:32 +01:00
Tom Christie
11a2468379
Access request.user.is_authenticated
as property not method, under Django 1.10+ ( #4358 )
...
* For Django >=1.10 use user.is_authenticated, not user.is_authenticated()
2016-08-05 11:04:01 +01:00
Stephan Groß
a101251a2a
Fix blank lines around docstrings
2016-03-17 11:06:47 +00:00
Aarni Koskela
69688289ce
Ensure Django{Model,Object}Permissions
don't hide exceptions.
...
Quietly catching `AttributeError` and `TypeError` when calling
`get_queryset()` is rather insidious, as those exceptions get caught no
matter where they might happen in the call stack.
2015-11-27 12:46:30 +02:00
Carlton Gibson
25de8c960f
Remove Django 1.5 get_model_name fallback
2015-09-21 20:10:31 +02:00
José Padilla
7351a3f6ca
Sort imports with isort
2015-06-25 16:55:51 -04:00
José Padilla
83c9136c90
Cleanup import following PEP 8 style guide
2015-06-25 16:10:17 -04:00
Nicolas Delaby
031ac2a292
Allow DjangoObjectPermissions to use views that define get_queryset
2015-05-13 14:26:44 +02:00
Nicolas Delaby
24e9473036
Improve error message.
2015-04-22 11:22:37 +02:00
Nicolas Delaby
6f66798ad3
Prevent empty queryset
s to raises AssertionError.
2015-04-22 11:13:09 +02:00
Nicolas Delaby
c2e536bfda
Tell DjangoModelPermissions to rely on get_queryset first.
2015-04-22 10:18:30 +02:00
Tymur Maryokhin
1ddfef1212
Removed deprecated '.model' attribute check
2015-04-12 17:12:01 +02:00
Di Wu
48e1f151c5
use SAFE_METHODS and make tuple
2015-03-16 22:13:07 -07:00
Tom Christie
baaa356489
Merge master
2014-12-12 15:37:43 +00:00
Tymur Maryokhin
d9930181ee
Removed unused imports, pep8 fixes, typo fixes
2014-12-05 00:29:28 +01:00
Jharrod LaFon
baa518cd89
Moved OAuth support out of DRF and into a separate package, per #1767
2014-09-05 15:30:01 -07:00
Tom Christie
4d8c63abc9
Deprecate .model in related routers/permissions
2014-08-20 17:15:46 +01:00
Tom Christie
bf09c32de8
Code linting and added runtests.py
2014-08-19 13:28:07 +01:00
Tom Christie
52686420f4
Merge branch 'bennbollay-patch-1' into 2.4.0
...
Conflicts:
.travis.yml
docs/api-guide/routers.md
rest_framework/compat.py
tox.ini
2013-12-23 09:48:59 +00:00
amatellanes
2d6d725c2f
Simplified some functions
2013-12-22 12:39:47 +01:00
Tom Christie
9c41c007af
Merge branch 'master' into 2.4.0
...
Conflicts:
.travis.yml
docs/api-guide/routers.md
docs/topics/release-notes.md
rest_framework/compat.py
2013-12-13 16:32:34 +00:00
Tom Christie
21cd638659
Merge master
2013-09-25 09:44:26 +01:00
Markus Kaiserswerth
abbe9213f9
Address pending deprecation of Model._meta.module_name in Django 1.6
2013-09-23 17:48:25 +02:00
Tom Christie
5970baa201
Tweaks and docs to object-level model permissions.
2013-09-10 21:00:13 +01:00
bwreilly
23fc9dd53f
better doc for object permissions, drop redundant has_permission call
2013-09-09 09:32:29 -07:00
bwreilly
0183c69538
removed unnecessary guardian req and view.action parsing
2013-09-09 08:39:09 -07:00
bwreilly
9ff0f6d3bf
switch to a dedicated filter for read list object permissions
2013-09-07 23:48:03 -05:00
bwreilly
118645e480
first pass at object level permissions and tests
2013-09-07 23:18:52 -05:00
bwreilly
b07de86ad3
some properly failing tests, set up for standard permissions
2013-09-06 12:35:06 -05:00
bwreilly
4a9dcfa760
added guardian as optional requirement, stubbed out object-level permission class
2013-09-06 11:01:31 -05:00
Tom Christie
3fcc01273c
Remove deprecated code
2013-06-27 20:29:52 +01:00
Tom Christie
6d2ca75d8e
Don't raise AttributeError on views with no model or queryset, when using DjangoModelPermissions
2013-06-18 11:10:56 +01:00
Tom Christie
aff88d15f7
Version 2.3.3
2013-05-16 15:08:12 +01:00
Tom Christie
b65b065375
Add DjangoModelPermissionsOrAnonReadOnly
2013-04-30 14:34:28 +01:00
Tom Christie
dc7b1d6430
2.2's PendingDeprecationWarnings now become DeprecationWarnings. 2.3's PendingDeprecationWarnings added.
2013-04-29 12:45:00 +01:00
Tom Christie
4bf1a09bae
Ensure implementation of reverse relations in 'fields' is backwards compatible
2013-04-23 11:31:38 +01:00
Tom Christie
043d748b53
Tweak
2013-03-12 20:12:28 +00:00
Tom Christie
f513db714d
Clean up TokenHasReadWriteScope slightly
2013-03-12 19:07:30 +00:00
Tom Christie
e8db504a98
Merge master
2013-03-12 18:49:38 +00:00
Pierre Dulac
eec8efafc3
Add the implementation for TokenHasReadWriteScope permissions w/ oauth 1
2013-03-10 14:40:20 +01:00
Pierre Dulac
e03906a5c4
Add TokenHasReadWriteScope class for permissions based on scopes
2013-03-10 14:08:29 +01:00
Tom Christie
69d169f5f6
Neater override hooks and more docs for DjangoModelPermissions.
...
Refs #702 .
2013-03-08 23:42:20 +00:00