Skip to content

Commit 9df21d7

Browse files
committed
Allow DjangoObjectPermissions to use views that define get_queryset
1 parent 8beef47 commit 9df21d7

File tree

2 files changed

+22
-1
lines changed

2 files changed

+22
-1
lines changed

rest_framework/permissions.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -172,7 +172,7 @@ def get_required_object_permissions(self, method, model_cls):
172172
return [perm % kwargs for perm in self.perms_map[method]]
173173

174174
def has_object_permission(self, request, view, obj):
175-
model_cls = view.queryset.model
175+
model_cls = view.get_queryset().model
176176
user = request.user
177177

178178
perms = self.get_required_object_permissions(request.method, model_cls)

tests/test_permissions.py

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -227,6 +227,18 @@ class ObjectPermissionListView(generics.ListAPIView):
227227
object_permissions_list_view = ObjectPermissionListView.as_view()
228228

229229

230+
class GetQuerysetObjectPermissionInstanceView(generics.RetrieveUpdateDestroyAPIView):
231+
serializer_class = BasicPermSerializer
232+
authentication_classes = [authentication.BasicAuthentication]
233+
permission_classes = [ViewObjectPermissions]
234+
235+
def get_queryset(self):
236+
return BasicPermModel.objects.all()
237+
238+
239+
get_queryset_object_permissions_view = GetQuerysetObjectPermissionInstanceView.as_view()
240+
241+
230242
@unittest.skipUnless(guardian, 'django-guardian not installed')
231243
class ObjectPermissionsIntegrationTests(TestCase):
232244
"""
@@ -326,6 +338,15 @@ def test_cannot_read_permissions(self):
326338
response = object_permissions_view(request, pk='1')
327339
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
328340

341+
def test_can_read_get_queryset_permissions(self):
342+
"""
343+
same as ``test_can_read_permissions`` but with a view
344+
that rely on ``.get_queryset()`` instead of ``.queryset``.
345+
"""
346+
request = factory.get('/1', HTTP_AUTHORIZATION=self.credentials['readonly'])
347+
response = get_queryset_object_permissions_view(request, pk='1')
348+
self.assertEqual(response.status_code, status.HTTP_200_OK)
349+
329350
# Read list
330351
def test_can_read_list_permissions(self):
331352
request = factory.get('/', HTTP_AUTHORIZATION=self.credentials['readonly'])

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy