diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 8215957e69..22ca2f8128 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -107,7 +107,13 @@ def get_required_permissions(self, method, model_cls):
return [perm % kwargs for perm in self.perms_map[method]]
def has_permission(self, request, view):
- queryset = getattr(view, 'queryset', None)
+ try:
+ queryset = view.get_queryset()
+ except AttributeError:
+ queryset = getattr(view, 'queryset', None)
+ except AssertionError:
+ # view.get_queryset() didn't find .queryset
+ queryset = None
# Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter.
diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index 97bac33dbc..223100a785 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -31,8 +31,19 @@ class InstanceView(generics.RetrieveUpdateDestroyAPIView):
authentication_classes = [authentication.BasicAuthentication]
permission_classes = [permissions.DjangoModelPermissions]
+
+class GetQuerySetListView(generics.ListCreateAPIView):
+ serializer_class = BasicSerializer
+ authentication_classes = [authentication.BasicAuthentication]
+ permission_classes = [permissions.DjangoModelPermissions]
+
+ def get_queryset(self):
+ return BasicModel.objects.all()
+
+
root_view = RootView.as_view()
instance_view = InstanceView.as_view()
+get_queryset_list_view = GetQuerySetListView.as_view()
def basic_auth_header(username, password):
@@ -67,6 +78,12 @@ def test_has_create_permissions(self):
response = root_view(request, pk=1)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+ def test_get_queryset_has_create_permissions(self):
+ request = factory.post('/', {'text': 'foobar'}, format='json',
+ HTTP_AUTHORIZATION=self.permitted_credentials)
+ response = get_queryset_list_view(request, pk=1)
+ self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
def test_has_put_permissions(self):
request = factory.put('/1', {'text': 'foobar'}, format='json',
HTTP_AUTHORIZATION=self.permitted_credentials)
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy