Add the implementation for TokenHasReadWriteScope permissions w/ oauth 1

author: Pierre Dulac 2013-03-10 14:40:20 +0100
committer: Pierre Dulac 2013-03-10 14:40:20 +0100
commit: eec8efafc3eeacf00696208d2e1e55a11821257b (patch)
tree: 9f16aba8b91aece7480ada162d768230c24b3204 /rest_framework/permissions.py
parent: e03906a5c4101853b709403266b738911680c4b5 (diff)
download: django-rest-framework-eec8efafc3eeacf00696208d2e1e55a11821257b.tar.bz2
1 files changed, 6 insertions, 2 deletions
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 519a3691..c477474c 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -140,12 +140,16 @@ class TokenHasReadWriteScope(BasePermission):
 
         read_only = request.method in SAFE_METHODS
         if hasattr(request.auth, 'resource'):  # oauth 1
-            pass
+            if read_only:
+                return True
+            elif request.auth.resource.is_readonly is False:
+                return True
+            return False
         elif hasattr(request.auth, 'scope'):   # oauth 2
             scope_valid = lambda scope_wanted_key, scope_had: oauth2_provider_scope.check(
                 oauth2_provider_scope.SCOPE_NAME_DICT[scope_wanted_key], scope_had)
 
-            if (read_only and scope_valid('read', request.auth.scope)):
+            if read_only and scope_valid('read', request.auth.scope):
                 return True
             elif scope_valid('write', request.auth.scope):
                 return True
author	Pierre Dulac	2013-03-10 14:40:20 +0100
committer	Pierre Dulac	2013-03-10 14:40:20 +0100
commit	eec8efafc3eeacf00696208d2e1e55a11821257b (patch)
tree	9f16aba8b91aece7480ada162d768230c24b3204 /rest_framework/permissions.py
parent	e03906a5c4101853b709403266b738911680c4b5 (diff)
download	django-rest-framework-eec8efafc3eeacf00696208d2e1e55a11821257b.tar.bz2