Enforce object permissions check when rendering forms in browseable API

author: Tom Christie 2013-05-18 21:19:53 +0100
committer: Tom Christie 2013-05-18 21:19:53 +0100
commit: 4802177766b92c644d7c6f446d0bdf2dbe1917e6 (patch)
tree: 22dae3fd9e449be8a93fa389e741f7728a45cbb4 /rest_framework/renderers.py
parent: 5ed3f59a2c5ed41c56cd47ec25dc196f3c8a3c54 (diff)
download: django-rest-framework-4802177766b92c644d7c6f446d0bdf2dbe1917e6.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py
index 6b508e6d..08df7e91 100644
--- a/rest_framework/renderers.py
+++ b/rest_framework/renderers.py
@@ -349,6 +349,7 @@ class BrowsableAPIRenderer(BaseRenderer):
 
         try:
             view.check_permissions(request)
+            view.check_object_permissions(request, obj)
         except exceptions.APIException:
             return False  # Doesn't have permissions
         return True
author	Tom Christie	2013-05-18 21:19:53 +0100
committer	Tom Christie	2013-05-18 21:19:53 +0100
commit	4802177766b92c644d7c6f446d0bdf2dbe1917e6 (patch)
tree	22dae3fd9e449be8a93fa389e741f7728a45cbb4 /rest_framework/renderers.py
parent	5ed3f59a2c5ed41c56cd47ec25dc196f3c8a3c54 (diff)
download	django-rest-framework-4802177766b92c644d7c6f446d0bdf2dbe1917e6.tar.bz2