From 69d169f5f629c1d02361198c4a76839a9f8d528d Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 8 Mar 2013 23:42:20 +0000 Subject: Neater override hooks and more docs for DjangoModelPermissions. Refs #702. --- docs/api-guide/permissions.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index 2db6ce1e..719ac1ef 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md 
@@ -90,12 +90,17 @@ This permission is suitable if you want to your API to allow read permissions to ## DjangoModelPermissions -This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. When applied to a view that has a `.model` property, authorization will only be granted if the user has the relevant model permissions assigned. +This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. When applied to a view that has a `.model` property, authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned. * `POST` requests require the user to have the `add` permission on the model. * `PUT` and `PATCH` requests require the user to have the `change` permission on the model. * `DELETE` requests require the user to have the `delete` permission on the model. +If you want to use `DjangoModelPermissions` but also allow unauthenticated users to have read permission, override the class and set the `authenticated_users_only` property to `False`. For example: + + class HasModelPermissionsOrReadOnly(DjangoModelPermissions): + authenticated_users_only = False + The default behaviour can also be overridden to support custom model permissions. For example, you might want to include a `view` model permission for `GET` requests. To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property. Refer to the source code for details. -- cgit v1.2.3 From 2c6c5d966e47fafbb9bace554ad14bd3b247aef9 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 8 Mar 2013 23:49:27 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index eb4d378e..13235a82 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md 
@@ -44,6 +44,7 @@ You can determine your currently installed version using `pip freeze`: * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) * Deal with error data nicely when deserializing lists of objects. +* Extra override hook to configure `DjangoModelPermissions` for unauthenticated users. * Bugfix: Workaround for Django bug causing case where `Authtoken` could be registered for cascade delete from `User` even if not installed. ### 2.2.3 -- cgit v1.2.3 From 0df008dc83cacc0ac1aef8f915c3d764b6c4e498 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 10 Mar 2013 20:37:15 +0000 Subject: Added @bouke for bug fix #722. Thanks! --- docs/topics/credits.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index d6f312ed..35a302fd 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -109,6 +109,7 @@ The following people have helped make REST framework great. * Wiliam Souza - [waa] * Jonas Braun - [iekadou] * Ian Dash - [bitmonkey] +* Bouke Haarsma - [bouke] Many thanks to everyone who's contributed to the project. @@ -252,3 +253,5 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [waa]: https://github.com/wiliamsouza [iekadou]: https://github.com/iekadou [bitmonkey]: https://github.com/bitmonkey +[bouke]: https://github.com/bouke + -- cgit v1.2.3 From 20880232930dd6f3a1de9dda1546c84b9279a258 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 10 Mar 2013 20:39:04 +0000 Subject: Update release notes --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 13235a82..ff487826 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md 
@@ -45,6 +45,7 @@ You can determine your currently installed version using `pip freeze`: * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) * Deal with error data nicely when deserializing lists of objects. * Extra override hook to configure `DjangoModelPermissions` for unauthenticated users. +* Bugfix: Fix pk relationship bug for some types of 1-to-1 relations. * Bugfix: Workaround for Django bug causing case where `Authtoken` could be registered for cascade delete from `User` even if not installed. ### 2.2.3 -- cgit v1.2.3
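Review bot: In the `DjangoModelPermissions` hunk of docs/api-guide/permissions.md, the new `authenticated_users_only = False` paragraph does not say what happens to write requests from unauthenticated users. The bullet list above it covers only `POST`, `PUT`/`PATCH` and `DELETE`, so a reader cannot tell from this section which methods count as "read" or whether the `add`, `change` and `delete` checks still apply once the flag is off. Suggest adding one sentence that states the model permission checks for those methods are still enforced, and one that names the methods that become open to unauthenticated users. Since the text says this allows "unauthenticated users to have read permission", it is also worth saying outright that every view using `HasModelPermissionsOrReadOnly` becomes publicly readable.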
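Review bot: The release-notes line added in the first docs/topics/release-notes.md hunk, `* Extra override hook to configure DjangoModelPermissions for unauthenticated users.`, does not name the hook, so a reader has to search the docs to find it. Suggest naming `authenticated_users_only` here, matching the permissions.md change in this series, and noting that unauthenticated read access is opt-in.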
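Review bot: In the second docs/topics/credits.md hunk (`@@ -252,3 +253,5 @@`), the empty `+` line after `+[bouke]: https://github.com/bouke` adds a trailing blank line at the end of the file. Drop it so the hunk adds only the link reference.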
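Review bot: The line added in the last docs/topics/release-notes.md hunk, `* Bugfix: Fix pk relationship bug for some types of 1-to-1 relations.`, is too vague for a user to tell whether they are affected: "some types" is not specified and no issue number is given. Suggest naming the kind of relation involved and referencing the issue, and dropping the doubled "Bugfix: Fix" wording.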