aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--rest_framework/permissions.py15
1 files changed, 8 insertions, 7 deletions
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 61a33bdd..70bf9c61 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -154,7 +154,14 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions):
class DjangoObjectLevelModelPermissions(DjangoModelPermissions):
"""
- Basic object level permissions utilizing django-guardian.
+ The request is authenticated using `django.contrib.auth` permissions.
+ See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions
+
+ It ensures that the user is authenticated, and has the appropriate
+ `add`/`change`/`delete` permissions on the object using .has_perms.
+
+ This permission can only be applied against view classes that
+ provide a `.model` or `.queryset` attribute.
"""
actions_map = {
@@ -173,12 +180,6 @@ class DjangoObjectLevelModelPermissions(DjangoModelPermissions):
}
return [perm % kwargs for perm in self.actions_map[method]]
- def has_permission(self, request, view):
- if getattr(view, 'action', None) == 'list':
- queryset = view.get_queryset()
- view.queryset = ObjectPermissionReaderFilter().filter_queryset(request, queryset, view)
- return super(DjangoObjectLevelModelPermissions, self).has_permission(request, view)
-
def has_object_permission(self, request, view, obj):
model_cls = getattr(view, 'model', None)
queryset = getattr(view, 'queryset', None)
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-01 19:08:58 +0000