From 23fc9dd53fcd9cc25e2c77e5ffae395f04d4990d Mon Sep 17 00:00:00 2001
From: bwreilly
Date: Mon, 9 Sep 2013 09:32:29 -0700
Subject: better doc for object permissions, drop redundant has_permission call

---
 rest_framework/permissions.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'rest_framework')

diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 61a33bdd..70bf9c61 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -154,7 +154,14 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions):
 
 class DjangoObjectLevelModelPermissions(DjangoModelPermissions):
     """
-    Basic object level permissions utilizing django-guardian.
+    The request is authenticated using `django.contrib.auth` permissions.
+    See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions
+
+    It ensures that the user is authenticated, and has the appropriate
+    `add`/`change`/`delete` permissions on the object using .has_perms.
+
+    This permission can only be applied against view classes that
+    provide a `.model` or `.queryset` attribute.
     """
 
     actions_map = {
@@ -173,12 +180,6 @@ class DjangoObjectLevelModelPermissions(DjangoModelPermissions):
         }
         return [perm % kwargs for perm in self.actions_map[method]]
 
-    def has_permission(self, request, view):
-        if getattr(view, 'action', None) == 'list':
-            queryset = view.get_queryset()
-            view.queryset = ObjectPermissionReaderFilter().filter_queryset(request, queryset, view)
-        return super(DjangoObjectLevelModelPermissions, self).has_permission(request, view)
-
     def has_object_permission(self, request, view, obj):
         model_cls = getattr(view, 'model', None)
         queryset = getattr(view, 'queryset', None)
-- 
cgit v1.2.3