diff options
| author | Tom Christie | 2014-12-03 23:11:04 +0000 |
|---|---|---|
| committer | Tom Christie | 2014-12-03 23:11:04 +0000 |
| commit | af23ec36bbf4ccb8f4179e790b49b11677ccf6ee (patch) | |
| tree | 7ea80a203cc8718150cd55e4403f3f4771160281 /docs/api-guide/permissions.md | |
| parent | 3a5b3772fefc3c2f2c0899947cbc07bfe6e6b5d2 (diff) | |
| parent | 0cc990792c63caa8fa8fea62cea53b0d28157b55 (diff) | |
| download | django-rest-framework-af23ec36bbf4ccb8f4179e790b49b11677ccf6ee.tar.bz2 | |
Merge branch 'jpadilla-oauth_as_package' into version-3.1
Diffstat (limited to 'docs/api-guide/permissions.md')
| -rw-r--r-- | docs/api-guide/permissions.md | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index f068f0f7..7558475f 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -154,21 +154,6 @@ As with `DjangoModelPermissions` you can use custom model permissions by overrid --- -## TokenHasReadWriteScope - -This permission class is intended for use with either of the `OAuthAuthentication` and `OAuth2Authentication` classes, and ties into the scoping that their backends provide. - -Requests with a safe methods of `GET`, `OPTIONS` or `HEAD` will be allowed if the authenticated token has read permission. - -Requests for `POST`, `PUT`, `PATCH` and `DELETE` will be allowed if the authenticated token has write permission. - -This permission class relies on the implementations of the [django-oauth-plus][django-oauth-plus] and [django-oauth2-provider][django-oauth2-provider] libraries, which both provide limited support for controlling the scope of access tokens: - -* `django-oauth-plus`: Tokens are associated with a `Resource` class which has a `name`, `url` and `is_readonly` properties. -* `django-oauth2-provider`: Tokens are associated with a bitwise `scope` attribute, that defaults to providing bitwise values for `read` and/or `write`. - -If you require more advanced scoping for your API, such as restricting tokens to accessing a subset of functionality of your API then you will need to provide a custom permission class. See the source of the `django-oauth-plus` or `django-oauth2-provider` package for more details on scoping token access. - --- # Custom permissions @@ -256,8 +241,6 @@ The [REST Condition][rest-condition] package is another extension for building c [objectpermissions]: https://docs.djangoproject.com/en/dev/topics/auth/customizing/#handling-object-permissions [guardian]: https://github.com/lukaszb/django-guardian [get_objects_for_user]: http://pythonhosted.org/django-guardian/api/guardian.shortcuts.html#get-objects-for-user -[django-oauth-plus]: http://code.larlet.fr/django-oauth-plus -[django-oauth2-provider]: https://github.com/caffeinehit/django-oauth2-provider [2.2-announcement]: ../topics/2.2-announcement.md [filtering]: filtering.md [drf-any-permissions]: https://github.com/kevin-brown/drf-any-permissions |