Merge pull request #817 from maspwr/writable-nested-modelserializer

Merge master into writable-nested-modelserializer
author: Tom Christie 2013-05-09 00:57:27 -0700
committer: Tom Christie 2013-05-09 00:57:27 -0700
commit: 9428d6ddb5ebc2d5d9c8557a52be09f0def69cca (patch)
tree: 41003692e65e08934fed7c0cee263e34da1a4110 /rest_framework/permissions.py
parent: 0080bf8a00bcfb1988a5e73fae5635bf4969d534 (diff)
parent: 14482a966168a98d43099d00c163d1c8c3b6471b (diff)
download: django-rest-framework-9428d6ddb5ebc2d5d9c8557a52be09f0def69cca.tar.bz2
1 files changed, 16 insertions, 6 deletions
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index ae895f39..751f31a7 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -25,10 +25,12 @@ class BasePermission(object):
         """
         Return `True` if permission is granted, `False` otherwise.
         """
-        if len(inspect.getargspec(self.has_permission)[0]) == 4:
-            warnings.warn('The `obj` argument in `has_permission` is due to be deprecated. '
-                      'Use `has_object_permission()` instead for object permissions.',
-                       PendingDeprecationWarning, stacklevel=2)
+        if len(inspect.getargspec(self.has_permission).args) == 4:
+            warnings.warn(
+                'The `obj` argument in `has_permission` is deprecated. '
+                'Use `has_object_permission()` instead for object permissions.',
+                DeprecationWarning, stacklevel=2
+            )
             return self.has_permission(request, view, obj)
         return True
 
@@ -87,8 +89,8 @@ class DjangoModelPermissions(BasePermission):
     It ensures that the user is authenticated, and has the appropriate
     `add`/`change`/`delete` permissions on the model.
 
-    This permission will only be applied against view classes that
-    provide a `.model` attribute, such as the generic class-based views.
+    This permission can only be applied against view classes that
+    provide a `.model` or `.queryset` attribute.
     """
 
     # Map methods into required permission codes.
@@ -136,6 +138,14 @@ class DjangoModelPermissions(BasePermission):
         return False
 
 
+class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions):
+    """
+    Similar to DjangoModelPermissions, except that anonymous users are
+    allowed read-only access.
+    """
+    authenticated_users_only = False
+
+
 class TokenHasReadWriteScope(BasePermission):
     """
     The request is authenticated as a user and the token used has the right scope
author	Tom Christie	2013-05-09 00:57:27 -0700
committer	Tom Christie	2013-05-09 00:57:27 -0700
commit	9428d6ddb5ebc2d5d9c8557a52be09f0def69cca (patch)
tree	41003692e65e08934fed7c0cee263e34da1a4110 /rest_framework/permissions.py
parent	0080bf8a00bcfb1988a5e73fae5635bf4969d534 (diff)
parent	14482a966168a98d43099d00c163d1c8c3b6471b (diff)
download	django-rest-framework-9428d6ddb5ebc2d5d9c8557a52be09f0def69cca.tar.bz2