Example custome permission. Fixes #299.

author: Tom Christie 2013-01-28 07:29:50 +0000
committer: Tom Christie 2013-01-28 07:29:50 +0000
commit: 84a33b0a1f89047a24af6845600cccd982bc2baf (patch)
tree: e1c72dc8fbdfc6b35d2e14a3e6e063575497f7e0 /docs/api-guide
parent: ccb4ef081191bb8fa3d76d698d61190c1d9c3f65 (diff)
download: django-rest-framework-84a33b0a1f89047a24af6845600cccd982bc2baf.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md
index fce68f6d..1814b811 100644
--- a/docs/api-guide/permissions.md
+++ b/docs/api-guide/permissions.md
@@ -110,6 +110,15 @@ To implement a custom permission, override `BasePermission` and implement the `.
 
 The method should return `True` if the request should be granted access, and `False` otherwise.
 
+## Example
+
+The following is an example of a permission class that checks the incoming request's IP address against a blacklist, and denies the request if the IP has been blacklisted.
+
+    class BlacklistPermission(permissions.BasePermission):
+        def has_permission(self, request, view, obj=None):
+            ip_addr = request.META['REMOTE_ADDR']
+            blacklisted = Blacklist.objects.filter(ip_addr=ip_addr).exists()
+            return not blacklisted
 
 [cite]: https://developer.apple.com/library/mac/#documentation/security/Conceptual/AuthenticationAndAuthorizationGuide/Authorization/Authorization.html
 [authentication]: authentication.md
author	Tom Christie	2013-01-28 07:29:50 +0000
committer	Tom Christie	2013-01-28 07:29:50 +0000
commit	84a33b0a1f89047a24af6845600cccd982bc2baf (patch)
tree	e1c72dc8fbdfc6b35d2e14a3e6e063575497f7e0 /docs/api-guide
parent	ccb4ef081191bb8fa3d76d698d61190c1d9c3f65 (diff)
download	django-rest-framework-84a33b0a1f89047a24af6845600cccd982bc2baf.tar.bz2