Back out permissions example change in favor of easier to follow example

author: Tom Christie 2013-12-23 09:12:34 +0000
committer: Tom Christie 2013-12-23 09:12:34 +0000
commit: d8a95b4b6d4480089d38808b45a7b47f30e81cdd (patch)
tree: 5f1078a2bf70716d479686d99f76d18ea5407863 /docs
parent: c385723648710d0cb5757a8829826dfe77b31036 (diff)
download: django-rest-framework-d8a95b4b6d4480089d38808b45a7b47f30e81cdd.tar.bz2
1 files changed, 6 insertions, 3 deletions
diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md
index 986f13ff..bdc6b579 100644
--- a/docs/tutorial/4-authentication-and-permissions.md
+++ b/docs/tutorial/4-authentication-and-permissions.md
@@ -163,12 +163,15 @@ In the snippets app, create a new file, `permissions.py`
         """
         Custom permission to only allow owners of an object to edit it.
         """
-    
+
         def has_object_permission(self, request, view, obj):
             # Read permissions are allowed to any request,
             # so we'll always allow GET, HEAD or OPTIONS requests.
-            # Write permissions are only allowed to the owner of the snippet
-            return request.method in permissions.SAFE_METHODS or obj.owner == request.user
+            if request.method in permissions.SAFE_METHODS:
+                return True
+
+            # Write permissions are only allowed to the owner of the snippet.
+            return obj.owner == request.user
 
 Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class:
author	Tom Christie	2013-12-23 09:12:34 +0000
committer	Tom Christie	2013-12-23 09:12:34 +0000
commit	d8a95b4b6d4480089d38808b45a7b47f30e81cdd (patch)
tree	5f1078a2bf70716d479686d99f76d18ea5407863 /docs
parent	c385723648710d0cb5757a8829826dfe77b31036 (diff)
download	django-rest-framework-d8a95b4b6d4480089d38808b45a7b47f30e81cdd.tar.bz2