Skip to content

Commit fe7cd84

Browse files
author
Carlton Gibson
committed
Merge pull request #2863 from ticosax/rely-on-get_queryset
Tell DjangoModelPermissions to rely on get_queryset first.
2 parents 37be787 + c2e536b commit fe7cd84

File tree

2 files changed

+24
-1
lines changed

2 files changed

+24
-1
lines changed

rest_framework/permissions.py

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,7 +107,13 @@ def get_required_permissions(self, method, model_cls):
107107
return [perm % kwargs for perm in self.perms_map[method]]
108108

109109
def has_permission(self, request, view):
110-
queryset = getattr(view, 'queryset', None)
110+
try:
111+
queryset = view.get_queryset()
112+
except AttributeError:
113+
queryset = getattr(view, 'queryset', None)
114+
except AssertionError:
115+
# view.get_queryset() didn't find .queryset
116+
queryset = None
111117

112118
# Workaround to ensure DjangoModelPermissions are not applied
113119
# to the root view when using DefaultRouter.

tests/test_permissions.py

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,8 +31,19 @@ class InstanceView(generics.RetrieveUpdateDestroyAPIView):
3131
authentication_classes = [authentication.BasicAuthentication]
3232
permission_classes = [permissions.DjangoModelPermissions]
3333

34+
35+
class GetQuerySetListView(generics.ListCreateAPIView):
36+
serializer_class = BasicSerializer
37+
authentication_classes = [authentication.BasicAuthentication]
38+
permission_classes = [permissions.DjangoModelPermissions]
39+
40+
def get_queryset(self):
41+
return BasicModel.objects.all()
42+
43+
3444
root_view = RootView.as_view()
3545
instance_view = InstanceView.as_view()
46+
get_queryset_list_view = GetQuerySetListView.as_view()
3647

3748

3849
def basic_auth_header(username, password):
@@ -67,6 +78,12 @@ def test_has_create_permissions(self):
6778
response = root_view(request, pk=1)
6879
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
6980

81+
def test_get_queryset_has_create_permissions(self):
82+
request = factory.post('/', {'text': 'foobar'}, format='json',
83+
HTTP_AUTHORIZATION=self.permitted_credentials)
84+
response = get_queryset_list_view(request, pk=1)
85+
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
86+
7087
def test_has_put_permissions(self):
7188
request = factory.put('/1', {'text': 'foobar'}, format='json',
7289
HTTP_AUTHORIZATION=self.permitted_credentials)

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy