diff options
| author | markotibold | 2011-06-26 01:32:27 +0200 |
|---|---|---|
| committer | markotibold | 2011-06-26 01:32:27 +0200 |
| commit | 0b18b58c170aae0c2a93a608997e557fdcefe826 (patch) | |
| tree | 69a1d1e80c1e1b042a24892e7562867a1255e853 | |
| parent | 43c63c60ce8e89dbdb8e102f1c7ce1cd11fa8808 (diff) | |
| download | django-rest-framework-0b18b58c170aae0c2a93a608997e557fdcefe826.tar.bz2 | |
On 403's no forms will be displayed anymore
| -rw-r--r-- | djangorestframework/templates/renderer.html | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/djangorestframework/templates/renderer.html b/djangorestframework/templates/renderer.html index 507b5c25..44e032aa 100644 --- a/djangorestframework/templates/renderer.html +++ b/djangorestframework/templates/renderer.html @@ -60,8 +60,8 @@ </form> {% endif %} - {# Only display the POST/PUT/DELETE forms if method tunneling via POST forms is enabled. #} - {% if METHOD_PARAM %} + {# Only display the POST/PUT/DELETE forms if method tunneling via POST forms is enabled and the user has permissions on this view. #} + {% if METHOD_PARAM and response.status != 403 %} {% if 'POST' in view.allowed_methods %} <form action="{{ request.get_full_path }}" method="post" {% if post_form.is_multipart %}enctype="multipart/form-data"{% endif %}> |