Add initial explanatory paragraph

author: Tom Christie 2012-10-28 20:50:37 +0000
committer: Tom Christie 2012-10-28 20:50:37 +0000
commit: f2d63467764fd3784e9eb207bdb5b5387e7cd516 (patch)
tree: 49a68e8481f5613f853c9d10586661cd6b84bfcb /docs/tutorial/4-authentication-and-permissions.md
parent: de6908fbef89f9fb02b5a2a7bfcd85280448f241 (diff)
download: django-rest-framework-f2d63467764fd3784e9eb207bdb5b5387e7cd516.tar.bz2
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md
index 336d5891..a0d7c5a6 100644
--- a/docs/tutorial/4-authentication-and-permissions.md
+++ b/docs/tutorial/4-authentication-and-permissions.md
@@ -1,7 +1,11 @@
 # Tutorial 4: Authentication & Permissions
 
-Currently our API doesn't have any restrictions on who can 
+Currently our API doesn't have any restrictions on who can edit or delete code snippets.  We'd like to have some more advanced behavior in order to make sure that:
 
+* Code snippets are always associated with a creator.
+* Only authenticated users may create snippets.
+* Only the creator of a snippet may update or delete it.
+* Unauthenticated requests should have full read-only access.
 
 ## Adding information to our model
author	Tom Christie	2012-10-28 20:50:37 +0000
committer	Tom Christie	2012-10-28 20:50:37 +0000
commit	f2d63467764fd3784e9eb207bdb5b5387e7cd516 (patch)
tree	49a68e8481f5613f853c9d10586661cd6b84bfcb /docs/tutorial/4-authentication-and-permissions.md
parent	de6908fbef89f9fb02b5a2a7bfcd85280448f241 (diff)
download	django-rest-framework-f2d63467764fd3784e9eb207bdb5b5387e7cd516.tar.bz2