diff options
| author | Tom Christie | 2013-02-11 13:02:20 +0000 |
|---|---|---|
| committer | Tom Christie | 2013-02-12 08:58:28 +0000 |
| commit | f5a0275547ad264c8a9b9aa2a45cc461723a4f11 (patch) | |
| tree | a73b8835792eca9053ad5c4bc2c91ae7b1ae040b /rest_framework/views.py | |
| parent | 09b01887f234be55c14943028330f569823b2369 (diff) | |
| download | django-rest-framework-f5a0275547ad264c8a9b9aa2a45cc461723a4f11.tar.bz2 | |
Tidy up internal view permission checking logic.
Also document correctly - these methods are now public and will fall
under the deprecation policy from now on.
Diffstat (limited to 'rest_framework/views.py')
| -rw-r--r-- | rest_framework/views.py | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/rest_framework/views.py b/rest_framework/views.py index dd8889ae..55ad8cf3 100644 --- a/rest_framework/views.py +++ b/rest_framework/views.py @@ -258,33 +258,28 @@ class APIView(View): return (renderers[0], renderers[0].media_type) raise - def has_permission(self, request, obj=None): + def check_permissions(self, request): """ - Return `True` if the request should be permitted. + Check if the request should be permitted. + Raises an appropriate exception if the request is not permitted. """ - if obj is not None: - warnings.warn('The `obj` argument in `has_permission` is due to be deprecated. ' - 'Use `has_object_permission()` instead for object permissions.', - PendingDeprecationWarning, stacklevel=2) - return self.has_object_permission(request, obj) - for permission in self.get_permissions(): if not permission.has_permission(request, self): - return False - return True + self.permission_denied(request) - def has_object_permission(self, request, obj): + def check_object_permissions(self, request, obj): """ - Return `True` if the request should be permitted for a given object. + Check if the request should be permitted for a given object. + Raises an appropriate exception if the request is not permitted. """ for permission in self.get_permissions(): if not permission.has_object_permission(request, self, obj): - return False - return True + self.permission_denied(request) def check_throttles(self, request): """ Check if request should be throttled. + Raises an appropriate exception if the request is throttled. """ for throttle in self.get_throttles(): if not throttle.allow_request(request, self): @@ -311,8 +306,7 @@ class APIView(View): self.format_kwarg = self.get_format_suffix(**kwargs) # Ensure that the incoming request is permitted - if not self.has_permission(request): - self.permission_denied(request) + self.check_permissions(request) self.check_throttles(request) # Perform content negotiation and store the accepted info on the request |