diff options
| author | Tom Christie | 2013-05-07 05:08:28 -0700 |
|---|---|---|
| committer | Tom Christie | 2013-05-07 05:08:28 -0700 |
| commit | 5356af8651fccacf5524add33569dd84d9e78646 (patch) | |
| tree | 8f7145c0a4cfeab61e1e523409b82091f44dfdbb /docs/api-guide/permissions.md | |
| parent | 287ff43cdd85a5c2275205bf37e19dea3f69ad01 (diff) | |
| parent | 0f00da848d9a8d25a0049231e9794da71a96662b (diff) | |
| download | django-rest-framework-5356af8651fccacf5524add33569dd84d9e78646.tar.bz2 | |
Merge pull request #808 from tomchristie/2.3
2.3
Diffstat (limited to 'docs/api-guide/permissions.md')
| -rw-r--r-- | docs/api-guide/permissions.md | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index 0c82b2a3..db0d4b26 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -44,7 +44,8 @@ If not specified, this setting defaults to allowing unrestricted access: 'rest_framework.permissions.AllowAny', ) -You can also set the authentication policy on a per-view basis, using the `APIView` class based views. +You can also set the authentication policy on a per-view, or per-viewset basis, +using the `APIView` class based views. class ExampleView(APIView): permission_classes = (IsAuthenticated,) @@ -100,16 +101,15 @@ This permission class ties into Django's standard `django.contrib.auth` [model p * `POST` requests require the user to have the `add` permission on the model. * `PUT` and `PATCH` requests require the user to have the `change` permission on the model. * `DELETE` requests require the user to have the `delete` permission on the model. - -If you want to use `DjangoModelPermissions` but also allow unauthenticated users to have read permission, override the class and set the `authenticated_users_only` property to `False`. For example: - - class HasModelPermissionsOrReadOnly(DjangoModelPermissions): - authenticated_users_only = False The default behaviour can also be overridden to support custom model permissions. For example, you might want to include a `view` model permission for `GET` requests. To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property. Refer to the source code for details. +## DjangoModelPermissionsOrAnonReadOnly + +Similar to `DjangoModelPermissions`, but also allows unauthenticated users to have read-only access to the API. + ## TokenHasReadWriteScope This permission class is intended for use with either of the `OAuthAuthentication` and `OAuth2Authentication` classes, and ties into the scoping that their backends provide. |