From 3fcc01273c5efef26d911e50c02a4a43f89b34eb Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 27 Jun 2013 20:29:52 +0100 Subject: Remove deprecated code --- rest_framework/permissions.py | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 1036663e..0c7b02ff 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -2,13 +2,10 @@ Provides a set of pluggable permission policies. """ from __future__ import unicode_literals -import inspect -import warnings +from rest_framework.compat import oauth2_provider_scope, oauth2_constants SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'] -from rest_framework.compat import oauth2_provider_scope, oauth2_constants - class BasePermission(object): """ @@ -25,13 +22,6 @@ class BasePermission(object): """ Return `True` if permission is granted, `False` otherwise. """ - if len(inspect.getargspec(self.has_permission).args) == 4: - warnings.warn( - 'The `obj` argument in `has_permission` is deprecated. ' - 'Use `has_object_permission()` instead for object permissions.', - DeprecationWarning, stacklevel=2 - ) - return self.has_permission(request, view, obj) return True -- cgit v1.2.3 From 4a9dcfa76089143bbeb5cd43fa3a406365d89e96 Mon Sep 17 00:00:00 2001 From: bwreilly Date: Fri, 6 Sep 2013 11:01:31 -0500 Subject: added guardian as optional requirement, stubbed out object-level permission class --- rest_framework/permissions.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 1036663e..6d213ba1 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -7,7 +7,7 @@ import warnings SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'] -from rest_framework.compat import oauth2_provider_scope, oauth2_constants +from rest_framework.compat import oauth2_provider_scope, oauth2_constants, guardian class BasePermission(object): @@ -151,6 +151,11 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): authenticated_users_only = False +class DjangoObjectLevelModelPermissions(DjangoModelPermissions): + def __init__(self): + assert guardian, 'Using DjangoObjectLevelModelPermissions, but guardian is not installed' + + class TokenHasReadWriteScope(BasePermission): """ The request is authenticated as a user and the token used has the right scope -- cgit v1.2.3 From b07de86ad372a185c05c1dd77ccd7bee3801996e Mon Sep 17 00:00:00 2001 From: bwreilly Date: Fri, 6 Sep 2013 12:35:06 -0500 Subject: some properly failing tests, set up for standard permissions --- rest_framework/permissions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 6d213ba1..b67be414 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -153,7 +153,7 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): class DjangoObjectLevelModelPermissions(DjangoModelPermissions): def __init__(self): - assert guardian, 'Using DjangoObjectLevelModelPermissions, but guardian is not installed' + assert guardian, 'Using DjangoObjectLevelModelPermissions, but django-guardian is not installed' class TokenHasReadWriteScope(BasePermission): -- cgit v1.2.3 From 118645e4806effaa35726012a983676b2c55b6dd Mon Sep 17 00:00:00 2001 From: bwreilly Date: Sat, 7 Sep 2013 23:18:52 -0500 Subject: first pass at object level permissions and tests --- rest_framework/permissions.py | 46 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index b67be414..2d8a30e9 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -7,6 +7,7 @@ import warnings SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'] +from django.http import Http404 from rest_framework.compat import oauth2_provider_scope, oauth2_constants, guardian @@ -152,9 +153,54 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): class DjangoObjectLevelModelPermissions(DjangoModelPermissions): + """ + Basic object level permissions utilizing django-guardian. + """ + def __init__(self): assert guardian, 'Using DjangoObjectLevelModelPermissions, but django-guardian is not installed' + action_perm_map = { + 'list': 'read', + 'retrieve': 'read', + 'create': 'add', + 'partial_update': 'change', + 'update': 'change', + 'destroy': 'delete', + } + + def _get_names(self, view): + model_cls = getattr(view, 'model', None) + queryset = getattr(view, 'queryset', None) + + if model_cls is None and queryset is not None: + model_cls = queryset.model + if not model_cls: # no model, no model based permissions + return None + model_name = model_cls._meta.module_name + return model_name + + def has_permission(self, request, view): + if view.action == 'list': + user = request.user + queryset = view.get_queryset() + model_name = self._get_names(view) + view.queryset = guardian.shortcuts.get_objects_for_user(user, 'read_' + model_name, queryset) #TODO: move to filter + return super(DjangoObjectLevelModelPermissions, self).has_permission(request, view) + + def has_object_permission(self, request, view, obj): + user = request.user + model_name = self._get_names(view) + action = self.action_perm_map.get(view.action) + + assert action, "Tried to determine object permissions but no action specified in view" + + perm = "{action}_{model_name}".format(action=action, model_name=model_name) + check = user.has_perm(perm, obj) + if not check: + raise Http404 + return user.has_perm(perm, obj) + class TokenHasReadWriteScope(BasePermission): """ -- cgit v1.2.3 From 9ff0f6d3bff3c1d02d2ccaf4f1500e25cb97620d Mon Sep 17 00:00:00 2001 From: bwreilly Date: Sat, 7 Sep 2013 23:48:03 -0500 Subject: switch to a dedicated filter for read list object permissions --- rest_framework/permissions.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 2d8a30e9..0d5e0e78 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -9,6 +9,7 @@ SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'] from django.http import Http404 from rest_framework.compat import oauth2_provider_scope, oauth2_constants, guardian +from rest_framework.filters import ObjectPermissionReaderFilter class BasePermission(object): @@ -169,7 +170,7 @@ class DjangoObjectLevelModelPermissions(DjangoModelPermissions): 'destroy': 'delete', } - def _get_names(self, view): + def _get_model_name(self, view): model_cls = getattr(view, 'model', None) queryset = getattr(view, 'queryset', None) @@ -182,19 +183,17 @@ class DjangoObjectLevelModelPermissions(DjangoModelPermissions): def has_permission(self, request, view): if view.action == 'list': - user = request.user queryset = view.get_queryset() - model_name = self._get_names(view) - view.queryset = guardian.shortcuts.get_objects_for_user(user, 'read_' + model_name, queryset) #TODO: move to filter + view.queryset = ObjectPermissionReaderFilter().filter_queryset(request, queryset, view) return super(DjangoObjectLevelModelPermissions, self).has_permission(request, view) def has_object_permission(self, request, view, obj): - user = request.user - model_name = self._get_names(view) action = self.action_perm_map.get(view.action) - assert action, "Tried to determine object permissions but no action specified in view" + user = request.user + model_name = self._get_model_name(view) + perm = "{action}_{model_name}".format(action=action, model_name=model_name) check = user.has_perm(perm, obj) if not check: -- cgit v1.2.3 From 0183c69538de7b6dc4e9b0602fc364e789e0cab6 Mon Sep 17 00:00:00 2001 From: bwreilly Date: Mon, 9 Sep 2013 08:39:09 -0700 Subject: removed unnecessary guardian req and view.action parsing --- rest_framework/permissions.py | 52 +++++++++++++++++++------------------------ 1 file changed, 23 insertions(+), 29 deletions(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 0d5e0e78..61a33bdd 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -8,8 +8,7 @@ import warnings SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'] from django.http import Http404 -from rest_framework.compat import oauth2_provider_scope, oauth2_constants, guardian -from rest_framework.filters import ObjectPermissionReaderFilter +from rest_framework.compat import oauth2_provider_scope, oauth2_constants class BasePermission(object): @@ -158,47 +157,42 @@ class DjangoObjectLevelModelPermissions(DjangoModelPermissions): Basic object level permissions utilizing django-guardian. """ - def __init__(self): - assert guardian, 'Using DjangoObjectLevelModelPermissions, but django-guardian is not installed' - - action_perm_map = { - 'list': 'read', - 'retrieve': 'read', - 'create': 'add', - 'partial_update': 'change', - 'update': 'change', - 'destroy': 'delete', + actions_map = { + 'GET': ['read_%(model_name)s'], + 'OPTIONS': ['read_%(model_name)s'], + 'HEAD': ['read_%(model_name)s'], + 'POST': ['add_%(model_name)s'], + 'PUT': ['change_%(model_name)s'], + 'PATCH': ['change_%(model_name)s'], + 'DELETE': ['delete_%(model_name)s'], } - def _get_model_name(self, view): - model_cls = getattr(view, 'model', None) - queryset = getattr(view, 'queryset', None) - - if model_cls is None and queryset is not None: - model_cls = queryset.model - if not model_cls: # no model, no model based permissions - return None - model_name = model_cls._meta.module_name - return model_name + def get_required_object_permissions(self, method, model_cls): + kwargs = { + 'model_name': model_cls._meta.module_name + } + return [perm % kwargs for perm in self.actions_map[method]] def has_permission(self, request, view): - if view.action == 'list': + if getattr(view, 'action', None) == 'list': queryset = view.get_queryset() view.queryset = ObjectPermissionReaderFilter().filter_queryset(request, queryset, view) return super(DjangoObjectLevelModelPermissions, self).has_permission(request, view) def has_object_permission(self, request, view, obj): - action = self.action_perm_map.get(view.action) - assert action, "Tried to determine object permissions but no action specified in view" + model_cls = getattr(view, 'model', None) + queryset = getattr(view, 'queryset', None) + + if model_cls is None and queryset is not None: + model_cls = queryset.model + perms = self.get_required_object_permissions(request.method, model_cls) user = request.user - model_name = self._get_model_name(view) - perm = "{action}_{model_name}".format(action=action, model_name=model_name) - check = user.has_perm(perm, obj) + check = user.has_perms(perms, obj) if not check: raise Http404 - return user.has_perm(perm, obj) + return user.has_perms(perms, obj) class TokenHasReadWriteScope(BasePermission): -- cgit v1.2.3 From 23fc9dd53fcd9cc25e2c77e5ffae395f04d4990d Mon Sep 17 00:00:00 2001 From: bwreilly Date: Mon, 9 Sep 2013 09:32:29 -0700 Subject: better doc for object permissions, drop redundant has_permission call --- rest_framework/permissions.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 61a33bdd..70bf9c61 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -154,7 +154,14 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): class DjangoObjectLevelModelPermissions(DjangoModelPermissions): """ - Basic object level permissions utilizing django-guardian. + The request is authenticated using `django.contrib.auth` permissions. + See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions + + It ensures that the user is authenticated, and has the appropriate + `add`/`change`/`delete` permissions on the object using .has_perms. + + This permission can only be applied against view classes that + provide a `.model` or `.queryset` attribute. """ actions_map = { @@ -173,12 +180,6 @@ class DjangoObjectLevelModelPermissions(DjangoModelPermissions): } return [perm % kwargs for perm in self.actions_map[method]] - def has_permission(self, request, view): - if getattr(view, 'action', None) == 'list': - queryset = view.get_queryset() - view.queryset = ObjectPermissionReaderFilter().filter_queryset(request, queryset, view) - return super(DjangoObjectLevelModelPermissions, self).has_permission(request, view) - def has_object_permission(self, request, view, obj): model_cls = getattr(view, 'model', None) queryset = getattr(view, 'queryset', None) -- cgit v1.2.3 From 5970baa20112921217ae4f2c2a9f175df25922db Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 10 Sep 2013 21:00:13 +0100 Subject: Tweaks and docs to object-level model permissions. --- rest_framework/permissions.py | 47 ++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 16 deletions(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 70bf9c61..53184798 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -152,10 +152,10 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): authenticated_users_only = False -class DjangoObjectLevelModelPermissions(DjangoModelPermissions): +class DjangoObjectPermissions(DjangoModelPermissions): """ - The request is authenticated using `django.contrib.auth` permissions. - See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions + The request is authenticated using Django's object-level permissions. + It requires an object-permissions-enabled backend, such as Django Guardian. It ensures that the user is authenticated, and has the appropriate `add`/`change`/`delete` permissions on the object using .has_perms. @@ -164,21 +164,22 @@ class DjangoObjectLevelModelPermissions(DjangoModelPermissions): provide a `.model` or `.queryset` attribute. """ - actions_map = { - 'GET': ['read_%(model_name)s'], - 'OPTIONS': ['read_%(model_name)s'], - 'HEAD': ['read_%(model_name)s'], - 'POST': ['add_%(model_name)s'], - 'PUT': ['change_%(model_name)s'], - 'PATCH': ['change_%(model_name)s'], - 'DELETE': ['delete_%(model_name)s'], + perms_map = { + 'GET': [], + 'OPTIONS': [], + 'HEAD': [], + 'POST': ['%(app_label)s.add_%(model_name)s'], + 'PUT': ['%(app_label)s.change_%(model_name)s'], + 'PATCH': ['%(app_label)s.change_%(model_name)s'], + 'DELETE': ['%(app_label)s.delete_%(model_name)s'], } def get_required_object_permissions(self, method, model_cls): kwargs = { + 'app_label': model_cls._meta.app_label, 'model_name': model_cls._meta.module_name } - return [perm % kwargs for perm in self.actions_map[method]] + return [perm % kwargs for perm in self.perms_map[method]] def has_object_permission(self, request, view, obj): model_cls = getattr(view, 'model', None) @@ -190,10 +191,24 @@ class DjangoObjectLevelModelPermissions(DjangoModelPermissions): perms = self.get_required_object_permissions(request.method, model_cls) user = request.user - check = user.has_perms(perms, obj) - if not check: - raise Http404 - return user.has_perms(perms, obj) + if not user.has_perms(perms, obj): + # If the user does not have permissions we need to determine if + # they have read permissions to see 403, or not, and simply see + # a 404 reponse. + + if request.method in ('GET', 'OPTIONS', 'HEAD'): + # Read permissions already checked and failed, no need + # to make another lookup. + raise Http404 + + read_perms = self.get_required_object_permissions('GET', model_cls) + if not user.has_perms(read_perms, obj): + raise Http404 + + # Has read permissions. + return False + + return True class TokenHasReadWriteScope(BasePermission): -- cgit v1.2.3 From abbe9213f98b5e1d3b53db2c1711d9221c5b257f Mon Sep 17 00:00:00 2001 From: Markus Kaiserswerth Date: Mon, 23 Sep 2013 17:48:25 +0200 Subject: Address pending deprecation of Model._meta.module_name in Django 1.6 --- rest_framework/permissions.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 53184798..ab6655e7 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -8,7 +8,8 @@ import warnings SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'] from django.http import Http404 -from rest_framework.compat import oauth2_provider_scope, oauth2_constants +from rest_framework.compat import (get_model_name, oauth2_provider_scope, + oauth2_constants) class BasePermission(object): @@ -116,7 +117,7 @@ class DjangoModelPermissions(BasePermission): """ kwargs = { 'app_label': model_cls._meta.app_label, - 'model_name': model_cls._meta.module_name + 'model_name': get_model_name(model_cls) } return [perm % kwargs for perm in self.perms_map[method]] @@ -177,7 +178,7 @@ class DjangoObjectPermissions(DjangoModelPermissions): def get_required_object_permissions(self, method, model_cls): kwargs = { 'app_label': model_cls._meta.app_label, - 'model_name': model_cls._meta.module_name + 'model_name': get_model_name(model_cls) } return [perm % kwargs for perm in self.perms_map[method]] -- cgit v1.2.3 From 2d6d725c2f7f2226f9287211e64037816f8f2cac Mon Sep 17 00:00:00 2001 From: amatellanes Date: Sun, 22 Dec 2013 12:39:47 +0100 Subject: Simplified some functions --- rest_framework/permissions.py | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index ab6655e7..f24a5123 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -54,9 +54,7 @@ class IsAuthenticated(BasePermission): """ def has_permission(self, request, view): - if request.user and request.user.is_authenticated(): - return True - return False + return request.user and request.user.is_authenticated() class IsAdminUser(BasePermission): @@ -65,9 +63,7 @@ class IsAdminUser(BasePermission): """ def has_permission(self, request, view): - if request.user and request.user.is_staff: - return True - return False + return request.user and request.user.is_staff class IsAuthenticatedOrReadOnly(BasePermission): @@ -76,11 +72,9 @@ class IsAuthenticatedOrReadOnly(BasePermission): """ def has_permission(self, request, view): - if (request.method in SAFE_METHODS or - request.user and - request.user.is_authenticated()): - return True - return False + return (request.method in SAFE_METHODS or + request.user and + request.user.is_authenticated()) class DjangoModelPermissions(BasePermission): @@ -138,11 +132,9 @@ class DjangoModelPermissions(BasePermission): perms = self.get_required_permissions(request.method, model_cls) - if (request.user and + return (request.user and (request.user.is_authenticated() or not self.authenticated_users_only) and - request.user.has_perms(perms)): - return True - return False + request.user.has_perms(perms)) class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): -- cgit v1.2.3 From bf09c32de8f9d528f83e9cb7a2773d1f4c9ab563 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 19 Aug 2014 13:28:07 +0100 Subject: Code linting and added runtests.py --- rest_framework/permissions.py | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index c9517138..6a1a0077 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -62,9 +62,11 @@ class IsAuthenticatedOrReadOnly(BasePermission): """ def has_permission(self, request, view): - return (request.method in SAFE_METHODS or - request.user and - request.user.is_authenticated()) + return ( + request.method in SAFE_METHODS or + request.user and + request.user.is_authenticated() + ) class DjangoModelPermissions(BasePermission): @@ -122,9 +124,11 @@ class DjangoModelPermissions(BasePermission): perms = self.get_required_permissions(request.method, model_cls) - return (request.user and + return ( + request.user and (request.user.is_authenticated() or not self.authenticated_users_only) and - request.user.has_perms(perms)) + request.user.has_perms(perms) + ) class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): @@ -212,6 +216,8 @@ class TokenHasReadWriteScope(BasePermission): required = oauth2_constants.READ if read_only else oauth2_constants.WRITE return oauth2_provider_scope.check(required, request.auth.scope) - assert False, ('TokenHasReadWriteScope requires either the' - '`OAuthAuthentication` or `OAuth2Authentication` authentication ' - 'class to be used.') + assert False, ( + 'TokenHasReadWriteScope requires either the' + '`OAuthAuthentication` or `OAuth2Authentication` authentication ' + 'class to be used.' + ) -- cgit v1.2.3 From 4d8c63abc996bcb44d7a68dd7a7234b0d9f148a0 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 20 Aug 2014 17:15:46 +0100 Subject: Deprecate .model in related routers/permissions --- rest_framework/permissions.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 6a1a0077..29f60d6d 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -108,6 +108,9 @@ class DjangoModelPermissions(BasePermission): return [perm % kwargs for perm in self.perms_map[method]] def has_permission(self, request, view): + # Note that `.model` attribute on views is deprecated, although we + # enforce the deprecation on the view `get_serializer_class()` and + # `get_queryset()` methods, rather than here. model_cls = getattr(view, 'model', None) queryset = getattr(view, 'queryset', None) -- cgit v1.2.3 From baa518cd890103173dd18857c609432bd47c6be4 Mon Sep 17 00:00:00 2001 From: Jharrod LaFon Date: Fri, 5 Sep 2014 15:30:01 -0700 Subject: Moved OAuth support out of DRF and into a separate package, per #1767 --- rest_framework/permissions.py | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 29f60d6d..7c498645 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -3,8 +3,7 @@ Provides a set of pluggable permission policies. """ from __future__ import unicode_literals from django.http import Http404 -from rest_framework.compat import (get_model_name, oauth2_provider_scope, - oauth2_constants) +from rest_framework.compat import get_model_name SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'] @@ -199,28 +198,3 @@ class DjangoObjectPermissions(DjangoModelPermissions): return False return True - - -class TokenHasReadWriteScope(BasePermission): - """ - The request is authenticated as a user and the token used has the right scope - """ - - def has_permission(self, request, view): - token = request.auth - read_only = request.method in SAFE_METHODS - - if not token: - return False - - if hasattr(token, 'resource'): # OAuth 1 - return read_only or not request.auth.resource.is_readonly - elif hasattr(token, 'scope'): # OAuth 2 - required = oauth2_constants.READ if read_only else oauth2_constants.WRITE - return oauth2_provider_scope.check(required, request.auth.scope) - - assert False, ( - 'TokenHasReadWriteScope requires either the' - '`OAuthAuthentication` or `OAuth2Authentication` authentication ' - 'class to be used.' - ) -- cgit v1.2.3 From d9930181ee157f51e2fcea33a3af5ea397647324 Mon Sep 17 00:00:00 2001 From: Tymur Maryokhin Date: Fri, 5 Dec 2014 00:29:28 +0100 Subject: Removed unused imports, pep8 fixes, typo fixes --- rest_framework/permissions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'rest_framework/permissions.py') diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 29f60d6d..3f6f5961 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -184,7 +184,7 @@ class DjangoObjectPermissions(DjangoModelPermissions): if not user.has_perms(perms, obj): # If the user does not have permissions we need to determine if # they have read permissions to see 403, or not, and simply see - # a 404 reponse. + # a 404 response. if request.method in ('GET', 'OPTIONS', 'HEAD'): # Read permissions already checked and failed, no need -- cgit v1.2.3