Simplified some examples in tutorial

author: amatellanes 2013-12-23 09:06:03 +0100
committer: amatellanes 2013-12-23 09:06:03 +0100
commit: 2846ddb5d2ba84b3905d4dc0593afe3a0d4b2749 (patch)
tree: 6922257bd3c636dc490239d999f79e3901f3e64e /docs/tutorial/4-authentication-and-permissions.md
parent: 67a2b5a8cbba21ba85bda935390adeee01abd038 (diff)
download: django-rest-framework-2846ddb5d2ba84b3905d4dc0593afe3a0d4b2749.tar.bz2
1 files changed, 2 insertions, 5 deletions
diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md
index b472322a..986f13ff 100644
--- a/docs/tutorial/4-authentication-and-permissions.md
+++ b/docs/tutorial/4-authentication-and-permissions.md
@@ -163,15 +163,12 @@ In the snippets app, create a new file, `permissions.py`
         """
         Custom permission to only allow owners of an object to edit it.
         """
-
+    
         def has_object_permission(self, request, view, obj):
             # Read permissions are allowed to any request,
             # so we'll always allow GET, HEAD or OPTIONS requests.
-            if request.method in permissions.SAFE_METHODS:            
-                return True
-    
             # Write permissions are only allowed to the owner of the snippet
-            return obj.owner == request.user
+            return request.method in permissions.SAFE_METHODS or obj.owner == request.user
 
 Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class:
author	amatellanes	2013-12-23 09:06:03 +0100
committer	amatellanes	2013-12-23 09:06:03 +0100
commit	2846ddb5d2ba84b3905d4dc0593afe3a0d4b2749 (patch)
tree	6922257bd3c636dc490239d999f79e3901f3e64e /docs/tutorial/4-authentication-and-permissions.md
parent	67a2b5a8cbba21ba85bda935390adeee01abd038 (diff)
download	django-rest-framework-2846ddb5d2ba84b3905d4dc0593afe3a0d4b2749.tar.bz2