author: Tom Christie, 2013-04-27 14:29:32 +0200
committer: Tom Christie, 2013-04-27 14:29:32 +0200
commit: 73019f91fe55f2ac16ce179917f686bf1a931597
tree: 58b082574b373437f5a192c836cb1e2a3cf1bc87 /docs
parent: eaac15294080e9cda1610168262f9da2fd088e73
Update docs on object-level permissions.
Closes #801.
Diffstat (limited to 'docs')
-rw-r--r-- docs/api-guide/permissions.md 7
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md
index 4772c5e0..a7de77fc 100644
--- a/docs/api-guide/permissions.md
+++ b/docs/api-guide/permissions.md
@@ -21,7 +21,12 @@ If any permission check fails an `exceptions.PermissionDenied` exception will be
REST framework permissions also support object-level permissioning. Object level permissions are used to determine if a user should be allowed to act on a particular object, which will typically be a model instance.
-Object level permissions are run by REST framework's generic views when `.get_object()` is called. As with view level permissions, an `exceptions.PermissionDenied` exception will be raised if the user is not allowed to act on the given object.
+Object level permissions are run by REST framework's generic views when `.get_object()` is called.
+As with view level permissions, an `exceptions.PermissionDenied` exception will be raised if the user is not allowed to act on the given object.
+
+If you're writing your own views and want to enforce object level permissions,
+you'll need to explicitly call the `.check_object_permissions(request, obj)` method on the view at the point at which you've retrieved the object.
+This will either raise a `PermissionDenied` or `NotAuthenticated` exception, or simply return if the view has the appropraite permissions.
## Setting the permission policy
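Review bot: The last added sentence misspells "appropriate" as "appropraite", and its subject is off: "if the view has the appropriate permissions" should refer to the request or user, since the surrounding text is about whether "the user is not allowed to act on the given object". Suggest "or simply return if the request is permitted". The new paragraph also only implies the consequence of skipping the call; because it says the checks run "when `.get_object()` is called" in the generic views, it is worth stating outright that a hand-written view that never calls `.check_object_permissions(request, obj)` gets no object-level enforcement at all, and that the call has to come before the object is used or returned.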