diff options
| author | Tom Christie | 2014-08-02 15:29:15 +0100 |
|---|---|---|
| committer | Tom Christie | 2014-08-02 15:29:15 +0100 |
| commit | e0be02ef83334a9d4a771d8dd6b70c6352739429 (patch) | |
| tree | 9da152553f136128193509822e1da526ee2087ad /api-guide/permissions.html | |
| parent | 675fa48957fc5f5fbd796eb96d43d8f3191e5a2a (diff) | |
| download | django-rest-framework-e0be02ef83334a9d4a771d8dd6b70c6352739429.tar.bz2 | |
Update sponsorships
Diffstat (limited to 'api-guide/permissions.html')
| -rw-r--r-- | api-guide/permissions.html | 118 |
1 files changed, 59 insertions, 59 deletions
diff --git a/api-guide/permissions.html b/api-guide/permissions.html index a75bcb2e..afc18e56 100644 --- a/api-guide/permissions.html +++ b/api-guide/permissions.html @@ -3,17 +3,17 @@ <head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta charset="utf-8"> <title>Permissions - Django REST framework</title> - <link href="file:///Users/tomchristie/GitHub/django-rest-framework/html//img/favicon.ico" rel="icon" type="image/x-icon"> - <link rel="canonical" href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/permissions.html"/> + <link href="http://www.django-rest-framework.org/img/favicon.ico" rel="icon" type="image/x-icon"> + <link rel="canonical" href="http://www.django-rest-framework.org/api-guide/permissions"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content="Django, API, REST, Permissions, API Reference, Custom permissions, Third party packages"> <meta name="author" content="Tom Christie"> <!-- Le styles --> - <link href="file:///Users/tomchristie/GitHub/django-rest-framework/html//css/prettify.css" rel="stylesheet"> - <link href="file:///Users/tomchristie/GitHub/django-rest-framework/html//css/bootstrap.css" rel="stylesheet"> - <link href="file:///Users/tomchristie/GitHub/django-rest-framework/html//css/bootstrap-responsive.css" rel="stylesheet"> - <link href="file:///Users/tomchristie/GitHub/django-rest-framework/html//css/default.css" rel="stylesheet"> + <link href="http://www.django-rest-framework.org/css/prettify.css" rel="stylesheet"> + <link href="http://www.django-rest-framework.org/css/bootstrap.css" rel="stylesheet"> + <link href="http://www.django-rest-framework.org/css/bootstrap-responsive.css" rel="stylesheet"> + <link href="http://www.django-rest-framework.org/css/default.css" rel="stylesheet"> <!-- Le HTML5 shim, for IE6-8 support of HTML5 elements --> <!--[if lt IE 9]> @@ -57,73 +57,73 @@ a.fusion-poweredby { <div class="navbar-inner"> <div class="container-fluid"> <a class="repo-link btn btn-primary btn-small" href="https://github.com/tomchristie/django-rest-framework/tree/master">GitHub</a> - <a class="repo-link btn btn-inverse btn-small " href="../api-guide/throttling.html">Next <i class="icon-arrow-right icon-white"></i></a> - <a class="repo-link btn btn-inverse btn-small " href="../api-guide/authentication.html"><i class="icon-arrow-left icon-white"></i> Previous</a> + <a class="repo-link btn btn-inverse btn-small " href="../api-guide/throttling">Next <i class="icon-arrow-right icon-white"></i></a> + <a class="repo-link btn btn-inverse btn-small " href="../api-guide/authentication"><i class="icon-arrow-left icon-white"></i> Previous</a> <a class="repo-link btn btn-inverse btn-small" href="#searchModal" data-toggle="modal"><i class="icon-search icon-white"></i> Search</a> <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </a> - <a class="brand" href="file:///Users/tomchristie/GitHub/django-rest-framework/html/index.html">Django REST framework</a> + <a class="brand" href="http://www.django-rest-framework.org">Django REST framework</a> <div class="nav-collapse collapse"> <ul class="nav"> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html/index.html">Home</a></li> + <li><a href="http://www.django-rest-framework.org">Home</a></li> <li class="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">Tutorial <b class="caret"></b></a> <ul class="dropdown-menu"> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//tutorial/quickstart.html">Quickstart</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//tutorial/1-serialization.html">1 - Serialization</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//tutorial/2-requests-and-responses.html">2 - Requests and responses</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//tutorial/3-class-based-views.html">3 - Class based views</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//tutorial/4-authentication-and-permissions.html">4 - Authentication and permissions</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//tutorial/5-relationships-and-hyperlinked-apis.html">5 - Relationships and hyperlinked APIs</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//tutorial/6-viewsets-and-routers.html">6 - Viewsets and routers</a></li> + <li><a href="http://www.django-rest-framework.org/tutorial/quickstart">Quickstart</a></li> + <li><a href="http://www.django-rest-framework.org/tutorial/1-serialization">1 - Serialization</a></li> + <li><a href="http://www.django-rest-framework.org/tutorial/2-requests-and-responses">2 - Requests and responses</a></li> + <li><a href="http://www.django-rest-framework.org/tutorial/3-class-based-views">3 - Class based views</a></li> + <li><a href="http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions">4 - Authentication and permissions</a></li> + <li><a href="http://www.django-rest-framework.org/tutorial/5-relationships-and-hyperlinked-apis">5 - Relationships and hyperlinked APIs</a></li> + <li><a href="http://www.django-rest-framework.org/tutorial/6-viewsets-and-routers">6 - Viewsets and routers</a></li> </ul> </li> <li class="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">API Guide <b class="caret"></b></a> <ul class="dropdown-menu"> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/requests.html">Requests</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/responses.html">Responses</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/views.html">Views</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/generic-views.html">Generic views</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/viewsets.html">Viewsets</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/routers.html">Routers</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/parsers.html">Parsers</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/renderers.html">Renderers</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/serializers.html">Serializers</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/fields.html">Serializer fields</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/relations.html">Serializer relations</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/authentication.html">Authentication</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/permissions.html">Permissions</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/throttling.html">Throttling</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/filtering.html">Filtering</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/pagination.html">Pagination</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/content-negotiation.html">Content negotiation</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/format-suffixes.html">Format suffixes</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/reverse.html">Returning URLs</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/exceptions.html">Exceptions</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/status-codes.html">Status codes</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/testing.html">Testing</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//api-guide/settings.html">Settings</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/requests">Requests</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/responses">Responses</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/views">Views</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/generic-views">Generic views</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/viewsets">Viewsets</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/routers">Routers</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/parsers">Parsers</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/renderers">Renderers</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/serializers">Serializers</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/fields">Serializer fields</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/relations">Serializer relations</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/authentication">Authentication</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/permissions">Permissions</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/throttling">Throttling</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/filtering">Filtering</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/pagination">Pagination</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/content-negotiation">Content negotiation</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/format-suffixes">Format suffixes</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/reverse">Returning URLs</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/exceptions">Exceptions</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/status-codes">Status codes</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/testing">Testing</a></li> + <li><a href="http://www.django-rest-framework.org/api-guide/settings">Settings</a></li> </ul> </li> <li class="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">Topics <b class="caret"></b></a> <ul class="dropdown-menu"> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/documenting-your-api.html">Documenting your API</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/ajax-csrf-cors.html">AJAX, CSRF & CORS</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/browser-enhancements.html">Browser enhancements</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/browsable-api.html">The Browsable API</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/rest-hypermedia-hateoas.html">REST, Hypermedia & HATEOAS</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/contributing.html">Contributing to REST framework</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/rest-framework-2-announcement.html">2.0 Announcement</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/2.2-announcement.html">2.2 Announcement</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/2.3-announcement.html">2.3 Announcement</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/kickstarter-announcement.html">Kickstarter Announcement</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/release-notes.html">Release Notes</a></li> - <li><a href="file:///Users/tomchristie/GitHub/django-rest-framework/html//topics/credits.html">Credits</a></li> + <li><a href="http://www.django-rest-framework.org/topics/documenting-your-api">Documenting your API</a></li> + <li><a href="http://www.django-rest-framework.org/topics/ajax-csrf-cors">AJAX, CSRF & CORS</a></li> + <li><a href="http://www.django-rest-framework.org/topics/browser-enhancements">Browser enhancements</a></li> + <li><a href="http://www.django-rest-framework.org/topics/browsable-api">The Browsable API</a></li> + <li><a href="http://www.django-rest-framework.org/topics/rest-hypermedia-hateoas">REST, Hypermedia & HATEOAS</a></li> + <li><a href="http://www.django-rest-framework.org/topics/contributing">Contributing to REST framework</a></li> + <li><a href="http://www.django-rest-framework.org/topics/rest-framework-2-announcement">2.0 Announcement</a></li> + <li><a href="http://www.django-rest-framework.org/topics/2.2-announcement">2.2 Announcement</a></li> + <li><a href="http://www.django-rest-framework.org/topics/2.3-announcement">2.3 Announcement</a></li> + <li><a href="http://www.django-rest-framework.org/topics/kickstarter-announcement">Kickstarter Announcement</a></li> + <li><a href="http://www.django-rest-framework.org/topics/release-notes">Release Notes</a></li> + <li><a href="http://www.django-rest-framework.org/topics/credits">Credits</a></li> </ul> </li> </ul> @@ -218,7 +218,7 @@ a.fusion-poweredby { <p>Authentication or identification by itself is not usually sufficient to gain access to information or code. For that, the entity requesting access must have authorization.</p> <p>— <a href="https://developer.apple.com/library/mac/#documentation/security/Conceptual/AuthenticationAndAuthorizationGuide/Authorization/Authorization.html">Apple Developer Documentation</a></p> </blockquote> -<p>Together with <a href="authentication.html">authentication</a> and <a href="throttling.html">throttling</a>, permissions determine whether a request should be granted or denied access.</p> +<p>Together with <a href="authentication">authentication</a> and <a href="throttling">throttling</a>, permissions determine whether a request should be granted or denied access.</p> <p>Permission checks are always run at the very start of the view, before any other code is allowed to proceed. Permission checks will typically use the authentication information in the <code>request.user</code> and <code>request.auth</code> properties to determine if the incoming request should be permitted.</p> <h2 id="how-permissions-are-determined">How permissions are determined</h2> <p>Permissions in REST framework are always defined as a list of permission classes. </p> @@ -239,7 +239,7 @@ or if you override the <code>get_object</code> method on a generic view, then yo </code></pre> <h4 id="limitations-of-object-level-permissions">Limitations of object level permissions</h4> <p>For performance reasons the generic views will not automatically apply object level permissions to each instance in a queryset when returning a list of objects.</p> -<p>Often when you're using object level permissions you'll also want to <a href="filtering.html">filter the queryset</a> appropriately, to ensure that users only have visibility onto instances that they are permitted to view.</p> +<p>Often when you're using object level permissions you'll also want to <a href="filtering">filter the queryset</a> appropriately, to ensure that users only have visibility onto instances that they are permitted to view.</p> <h2 id="setting-the-permission-policy">Setting the permission policy</h2> <p>The default permission policy may be set globally, using the <code>DEFAULT_PERMISSION_CLASSES</code> setting. For example.</p> <pre class="prettyprint lang-py"><code>REST_FRAMEWORK = { @@ -339,7 +339,7 @@ else: <hr /> <p><strong>Note</strong>: In versions 2.0 and 2.1, the signature for the permission checks always included an optional <code>obj</code> parameter, like so: <code>.has_permission(self, request, view, obj=None)</code>. The method would be called twice, first for the global permission checks, with no object supplied, and second for the object-level check when required.</p> <p>As of version 2.2 this signature has now been replaced with two separate method calls, which is more explicit and obvious. The old style signature continues to work, but its use will result in a <code>PendingDeprecationWarning</code>, which is silent by default. In 2.3 this will be escalated to a <code>DeprecationWarning</code>, and in 2.4 the old-style signature will be removed.</p> -<p>For more details see the <a href="../topics/2.2-announcement.html">2.2 release announcement</a>.</p> +<p>For more details see the <a href="../topics/2.2-announcement">2.2 release announcement</a>.</p> <hr /> <h2 id="examples">Examples</h2> <p>The following is an example of a permission class that checks the incoming request's IP address against a blacklist, and denies the request if the IP has been blacklisted.</p> @@ -372,7 +372,7 @@ class BlacklistPermission(permissions.BasePermission): return obj.owner == request.user </code></pre> <p>Note that the generic views will check the appropriate object level permissions, but if you're writing your own custom views, you'll need to make sure you check the object level permission checks yourself. You can do so by calling <code>self.check_object_permissions(request, obj)</code> from the view once you have the object instance. This call will raise an appropriate <code>APIException</code> if any object-level permission checks fail, and will otherwise simply return.</p> -<p>Also note that the generic views will only check the object-level permissions for views that retrieve a single model instance. If you require object-level filtering of list views, you'll need to filter the queryset separately. See the <a href="filtering.html">filtering documentation</a> for more details.</p> +<p>Also note that the generic views will only check the object-level permissions for views that retrieve a single model instance. If you require object-level filtering of list views, you'll need to filter the queryset separately. See the <a href="filtering">filtering documentation</a> for more details.</p> <hr /> <h1 id="third-party-packages">Third party packages</h1> <p>The following third party packages are also available.</p> @@ -397,9 +397,9 @@ class BlacklistPermission(permissions.BasePermission): <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> - <script src="file:///Users/tomchristie/GitHub/django-rest-framework/html//js/jquery-1.8.1-min.js"></script> - <script src="file:///Users/tomchristie/GitHub/django-rest-framework/html//js/prettify-1.0.js"></script> - <script src="file:///Users/tomchristie/GitHub/django-rest-framework/html//js/bootstrap-2.1.1-min.js"></script> + <script src="http://www.django-rest-framework.org/js/jquery-1.8.1-min.js"></script> + <script src="http://www.django-rest-framework.org/js/prettify-1.0.js"></script> + <script src="http://www.django-rest-framework.org/js/bootstrap-2.1.1-min.js"></script> <script> //$('.side-nav').scrollspy() |