check authentication after checking ModelResource

author: Camille Harang 2012-02-11 01:54:28 +0100
committer: Camille Harang 2012-02-11 01:54:28 +0100
commit: b236241982b95a35cdb251e5020004050fb6567a (patch)
tree: a62e44533825ce49a46cbfa11135e15159e90645 /djangorestframework/permissions.py
parent: bc80eb266f071e0c090fcf882722d4dd056ccf61 (diff)
download: django-rest-framework-b236241982b95a35cdb251e5020004050fb6567a.tar.bz2
1 files changed, 4 insertions, 4 deletions
diff --git a/djangorestframework/permissions.py b/djangorestframework/permissions.py
index 100a976e..92e90fc3 100644
--- a/djangorestframework/permissions.py
+++ b/djangorestframework/permissions.py
@@ -99,16 +99,16 @@ class DjangoModelPermisson(BasePermission):
         if self.view.request.method in ('GET', 'OPTIONS', 'HEAD',):
             return
 
-        # User must be logged in to check permissions.
-        if not hasattr(self.view.request, 'user') or not self.view.request.user.is_authenticated():
-            raise _403_FORBIDDEN_RESPONSE
-
         klass = self.view.resource.model
 
         # If it doesn't look like a model, we can't check permissions.
         if not klass or not getattr(klass, '_meta', None):
             return
 
+        # User must be logged in to check permissions.
+        if not hasattr(self.view.request, 'user') or not self.view.request.user.is_authenticated():
+            raise _403_FORBIDDEN_RESPONSE
+
         permission_map = {
             'POST': ['%s.add_%s'],
             'PUT': ['%s.change_%s'],
author	Camille Harang	2012-02-11 01:54:28 +0100
committer	Camille Harang	2012-02-11 01:54:28 +0100
commit	b236241982b95a35cdb251e5020004050fb6567a (patch)
tree	a62e44533825ce49a46cbfa11135e15159e90645 /djangorestframework/permissions.py
parent	bc80eb266f071e0c090fcf882722d4dd056ccf61 (diff)
download	django-rest-framework-b236241982b95a35cdb251e5020004050fb6567a.tar.bz2