From d6806340e54408858da4b2dc991be99edd65df76 Mon Sep 17 00:00:00 2001 From: amatellanes Date: Mon, 23 Dec 2013 08:50:46 +0100 Subject: Simplified some examples in tutorial --- docs/tutorial/4-authentication-and-permissions.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'docs/tutorial/4-authentication-and-permissions.md') diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md index b472322a..986f13ff 100644 --- a/docs/tutorial/4-authentication-and-permissions.md +++ b/docs/tutorial/4-authentication-and-permissions.md @@ -163,15 +163,12 @@ In the snippets app, create a new file, `permissions.py` """ Custom permission to only allow owners of an object to edit it. """ - + def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request, # so we'll always allow GET, HEAD or OPTIONS requests. - if request.method in permissions.SAFE_METHODS: - return True - # Write permissions are only allowed to the owner of the snippet - return obj.owner == request.user + return request.method in permissions.SAFE_METHODS or obj.owner == request.user Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class: -- cgit v1.2.3 From 74f1cf635536ea99937954a11fa11531a832ebc2 Mon Sep 17 00:00:00 2001 From: amatellanes Date: Mon, 23 Dec 2013 08:56:34 +0100 Subject: Revert "Simplified some examples in tutorial" This reverts commit d6806340e54408858da4b2dc991be99edd65df76. --- docs/tutorial/4-authentication-and-permissions.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'docs/tutorial/4-authentication-and-permissions.md') diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md index 986f13ff..b472322a 100644 --- a/docs/tutorial/4-authentication-and-permissions.md +++ b/docs/tutorial/4-authentication-and-permissions.md @@ -163,12 +163,15 @@ In the snippets app, create a new file, `permissions.py` """ Custom permission to only allow owners of an object to edit it. """ - + def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request, # so we'll always allow GET, HEAD or OPTIONS requests. + if request.method in permissions.SAFE_METHODS: + return True + # Write permissions are only allowed to the owner of the snippet - return request.method in permissions.SAFE_METHODS or obj.owner == request.user + return obj.owner == request.user Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class: -- cgit v1.2.3 From 2846ddb5d2ba84b3905d4dc0593afe3a0d4b2749 Mon Sep 17 00:00:00 2001 From: amatellanes Date: Mon, 23 Dec 2013 09:06:03 +0100 Subject: Simplified some examples in tutorial --- docs/tutorial/4-authentication-and-permissions.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'docs/tutorial/4-authentication-and-permissions.md') diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md index b472322a..986f13ff 100644 --- a/docs/tutorial/4-authentication-and-permissions.md +++ b/docs/tutorial/4-authentication-and-permissions.md @@ -163,15 +163,12 @@ In the snippets app, create a new file, `permissions.py` """ Custom permission to only allow owners of an object to edit it. """ - + def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request, # so we'll always allow GET, HEAD or OPTIONS requests. - if request.method in permissions.SAFE_METHODS: - return True - # Write permissions are only allowed to the owner of the snippet - return obj.owner == request.user + return request.method in permissions.SAFE_METHODS or obj.owner == request.user Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class: -- cgit v1.2.3 From d8a95b4b6d4480089d38808b45a7b47f30e81cdd Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 23 Dec 2013 09:12:34 +0000 Subject: Back out permissions example change in favor of easier to follow example --- docs/tutorial/4-authentication-and-permissions.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'docs/tutorial/4-authentication-and-permissions.md') diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md index 986f13ff..bdc6b579 100644 --- a/docs/tutorial/4-authentication-and-permissions.md +++ b/docs/tutorial/4-authentication-and-permissions.md @@ -163,12 +163,15 @@ In the snippets app, create a new file, `permissions.py` """ Custom permission to only allow owners of an object to edit it. """ - + def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request, # so we'll always allow GET, HEAD or OPTIONS requests. - # Write permissions are only allowed to the owner of the snippet - return request.method in permissions.SAFE_METHODS or obj.owner == request.user + if request.method in permissions.SAFE_METHODS: + return True + + # Write permissions are only allowed to the owner of the snippet. + return obj.owner == request.user Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class: -- cgit v1.2.3