diff options
| author | Ben Konrath | 2012-11-01 14:06:56 +0100 |
|---|---|---|
| committer | Ben Konrath | 2012-11-01 14:06:56 +0100 |
| commit | 9c82f9717e58f1bb250d5fd4b27619dbcbbd1f21 (patch) | |
| tree | e976854e6871a8b826e91d8eb16d9a139b90664f /rest_framework/permissions.py | |
| parent | c24997df3b943e5d7a3b2e101508e4b79ee82dc4 (diff) | |
| parent | 204db7bdaa59cd17f762d6cf0e6a8623c2cc9939 (diff) | |
| download | django-rest-framework-9c82f9717e58f1bb250d5fd4b27619dbcbbd1f21.tar.bz2 | |
Merge branch 'master' into restframework2-filter
Diffstat (limited to 'rest_framework/permissions.py')
| -rw-r--r-- | rest_framework/permissions.py | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 13ea39ea..655b78a3 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -1,8 +1,5 @@ """ -The :mod:`permissions` module bundles a set of permission classes that are used -for checking if a request passes a certain set of constraints. - -Permission behavior is provided by mixing the :class:`mixins.PermissionsMixin` class into a :class:`View` class. +Provides a set of pluggable permission policies. """ @@ -16,11 +13,22 @@ class BasePermission(object): def has_permission(self, request, view, obj=None): """ - Should simply return, or raise an :exc:`response.ImmediateResponse`. + Return `True` if permission is granted, `False` otherwise. """ raise NotImplementedError(".has_permission() must be overridden.") +class AllowAny(BasePermission): + """ + Allow any access. + This isn't strictly required, since you could use an empty + permission_classes list, but it's useful because it makes the intention + more explicit. + """ + def has_permission(self, request, view, obj=None): + return True + + class IsAuthenticated(BasePermission): """ Allows access only to authenticated users. @@ -64,7 +72,8 @@ class DjangoModelPermissions(BasePermission): It ensures that the user is authenticated, and has the appropriate `add`/`change`/`delete` permissions on the model. - This permission should only be used on views with a `ModelResource`. + This permission will only be applied against view classes that + provide a `.model` attribute, such as the generic class-based views. """ # Map methods into required permission codes. @@ -87,12 +96,15 @@ class DjangoModelPermissions(BasePermission): """ kwargs = { 'app_label': model_cls._meta.app_label, - 'model_name': model_cls._meta.module_name + 'model_name': model_cls._meta.module_name } return [perm % kwargs for perm in self.perms_map[method]] def has_permission(self, request, view, obj=None): - model_cls = view.model + model_cls = getattr(view, 'model', None) + if not model_cls: + return True + perms = self.get_required_permissions(request.method, model_cls) if (request.user and |