| author | Tom Christie | 2011-04-25 01:03:23 +0100 |
|---|---|---|
| committer | Tom Christie | 2011-04-25 01:03:23 +0100 |
| commit | 4692374e0d6f020f8a7a95f3a60094d525c59341 (patch) | |
| tree | 016dec93ce950027e2ee6f4a6b8c0e1d5ecf2037 /djangorestframework/mixins.py | |
| parent | cb4b4f6be6eeac3d2383614998a5e1436cb4226e (diff) | |
Generic permissions added, allowed_methods and anon_allowed_methods now defunct, dispatch now mirrors View.dispatch more nicely
Diffstat (limited to 'djangorestframework/mixins.py')
| -rw-r--r-- | djangorestframework/mixins.py | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/djangorestframework/mixins.py b/djangorestframework/mixins.py
index 9af79c66..53262366 100644
--- a/djangorestframework/mixins.py
+++ b/djangorestframework/mixins.py
@@ -396,9 +396,9 @@ class ResponseMixin(object):
 ########## Auth Mixin ##########
 class AuthMixin(object):
- """Mixin class to provide authentication and permissions."""
+ """Mixin class to provide authentication and permission checking."""
 authenticators = ()
- permitters = ()
+ permissions = ()
 @property
 def auth(self):
@@ -406,6 +406,14 @@ class AuthMixin(object):
 self._auth = self._authenticate()
 return self._auth
+ def _authenticate(self):
+ for authenticator_cls in self.authenticators:
+ authenticator = authenticator_cls(self)
+ auth = authenticator.authenticate(self.request)
+ if auth:
+ return auth
+ return None
+
 # TODO?
 #@property
 #def user(self):
@@ -421,15 +429,11 @@ class AuthMixin(object):
 if not self.permissions:
 return
- auth = self.auth
- for permitter_cls in self.permitters:
- permitter = permission_cls(self)
- permitter.permit(auth)
+ for permission_cls in self.permissions:
+ permission = permission_cls(self)
+ if not permission.has_permission(self.auth):
+ raise ErrorResponse(status.HTTP_403_FORBIDDEN,
+ {'detail': 'You do not have permission to access this resource. ' +
+ 'You may need to login or otherwise authenticate the request.'})
+
- def _authenticate(self):
- for authenticator_cls in self.authenticators:
- authenticator = authenticator_cls(self)
- auth = authenticator.authenticate(self.request)
- if auth:
- return auth
- return None |
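Review bot: The relocated `_authenticate` in the second hunk tests `if auth:`, so an authenticator that returns a valid but falsy object is handled exactly like one that found no credentials, and the loop moves on to the next class. If the authenticator contract is "return None when the request carries nothing usable", `if auth is not None:` states that directly. The method also has no docstring. One line saying that it returns the first successful result in `authenticators` order, and None for an unauthenticated request, would make the ordering dependency explicit. Whether rejected credentials should fall through to the next authenticator, rather than stop the request, cannot be told from this hunk and is worth documenting too.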
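Review bot: The early `return` on an empty `self.permissions` in the third hunk makes every view fail open, because the class default `permissions = ()` from the first hunk means a view that declares nothing runs no permission check at all. The commit message says `allowed_methods` and `anon_allowed_methods` are now defunct, so views that relied on them to restrict anonymous access would presumably need an explicit `permissions` entry after this change. A comment above the guard, such as `# empty permissions: the view is open to any request, authenticated or not`, would make that visible to whoever subclasses this. Separately, the denial is always `HTTP_403_FORBIDDEN` even when `self.auth` is None, although the message tells the client to log in; it is worth deciding here whether the unauthenticated case should be a 401 instead. The enclosing method starts above the hunk, so its name and any earlier checks are not visible.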
