diff options
| author | Tom Christie | 2013-04-30 19:32:34 +0100 |
|---|---|---|
| committer | Tom Christie | 2013-04-30 19:32:34 +0100 |
| commit | 22af28d146f2c4caccafafc78603ce20ffd76425 (patch) | |
| tree | 8dbf025ea1efaf257417b4a7c94263f0688c2786 /docs/api-guide | |
| parent | 7eba12fd28766971a25491a9360aaf0fda684a0f (diff) | |
| parent | 5d357a9b0807311b97de1e999be588f36fcd5b2f (diff) | |
| download | django-rest-framework-22af28d146f2c4caccafafc78603ce20ffd76425.tar.bz2 | |
Merge master
Diffstat (limited to 'docs/api-guide')
| -rw-r--r-- | docs/api-guide/permissions.md | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index 5dbaf338..db0d4b26 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -21,7 +21,12 @@ If any permission check fails an `exceptions.PermissionDenied` exception will be REST framework permissions also support object-level permissioning. Object level permissions are used to determine if a user should be allowed to act on a particular object, which will typically be a model instance. -Object level permissions are run by REST framework's generic views when `.get_object()` is called. As with view level permissions, an `exceptions.PermissionDenied` exception will be raised if the user is not allowed to act on the given object. +Object level permissions are run by REST framework's generic views when `.get_object()` is called. +As with view level permissions, an `exceptions.PermissionDenied` exception will be raised if the user is not allowed to act on the given object. + +If you're writing your own views and want to enforce object level permissions, +you'll need to explicitly call the `.check_object_permissions(request, obj)` method on the view at the point at which you've retrieved the object. +This will either raise a `PermissionDenied` or `NotAuthenticated` exception, or simply return if the view has the appropriate permissions. ## Setting the permission policy |