From c2e536bfda6ca65fb3ecd94522ba50ca80279456 Mon Sep 17 00:00:00 2001 From: Nicolas Delaby Date: Wed, 22 Apr 2015 10:18:30 +0200 Subject: [PATCH] Tell DjangoModelPermissions to rely on get_queryset first. --- rest_framework/permissions.py | 8 +++++++- tests/test_permissions.py | 17 +++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 8215957e69..22ca2f8128 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -107,7 +107,13 @@ def get_required_permissions(self, method, model_cls): return [perm % kwargs for perm in self.perms_map[method]] def has_permission(self, request, view): - queryset = getattr(view, 'queryset', None) + try: + queryset = view.get_queryset() + except AttributeError: + queryset = getattr(view, 'queryset', None) + except AssertionError: + # view.get_queryset() didn't find .queryset + queryset = None # Workaround to ensure DjangoModelPermissions are not applied # to the root view when using DefaultRouter. diff --git a/tests/test_permissions.py b/tests/test_permissions.py index 97bac33dbc..223100a785 100644 --- a/tests/test_permissions.py +++ b/tests/test_permissions.py @@ -31,8 +31,19 @@ class InstanceView(generics.RetrieveUpdateDestroyAPIView): authentication_classes = [authentication.BasicAuthentication] permission_classes = [permissions.DjangoModelPermissions] + +class GetQuerySetListView(generics.ListCreateAPIView): + serializer_class = BasicSerializer + authentication_classes = [authentication.BasicAuthentication] + permission_classes = [permissions.DjangoModelPermissions] + + def get_queryset(self): + return BasicModel.objects.all() + + root_view = RootView.as_view() instance_view = InstanceView.as_view() +get_queryset_list_view = GetQuerySetListView.as_view() def basic_auth_header(username, password): @@ -67,6 +78,12 @@ def test_has_create_permissions(self): response = root_view(request, pk=1) self.assertEqual(response.status_code, status.HTTP_201_CREATED) + def test_get_queryset_has_create_permissions(self): + request = factory.post('/', {'text': 'foobar'}, format='json', + HTTP_AUTHORIZATION=self.permitted_credentials) + response = get_queryset_list_view(request, pk=1) + self.assertEqual(response.status_code, status.HTTP_201_CREATED) + def test_has_put_permissions(self): request = factory.put('/1', {'text': 'foobar'}, format='json', HTTP_AUTHORIZATION=self.permitted_credentials) pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy