From 4802177766b92c644d7c6f446d0bdf2dbe1917e6 Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Sat, 18 May 2013 21:19:53 +0100
Subject: Enforce object permissions check when rendering forms in browseable
 API

---
 rest_framework/renderers.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'rest_framework/renderers.py')

diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py
index 6b508e6d..08df7e91 100644
--- a/rest_framework/renderers.py
+++ b/rest_framework/renderers.py
@@ -349,6 +349,7 @@ class BrowsableAPIRenderer(BaseRenderer):
 
         try:
             view.check_permissions(request)
+            view.check_object_permissions(request, obj)
         except exceptions.APIException:
             return False  # Doesn't have permissions
         return True
-- 
cgit v1.2.3