Skip to content

Commit

Permalink
Fix Respect can_read_model permission in DjangoModelPermissions
Browse files Browse the repository at this point in the history 
FIXES: encode#6324
  • Loading branch information
@ManishShah120
ManishShah120 committed May 26, 2021
1 parent bc07521 commit cf3183d
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions rest_framework/permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -175,9 +175,9 @@ class DjangoModelPermissions(BasePermission):
# Override this if you need to also provide 'view' permissions,
# or if you want to provide custom permission codes.
perms_map = {
'GET': [],
'GET': ['%(app_label)s.view_%(model_name)s'],
'OPTIONS': [],
'HEAD': [],
'HEAD': ['%(app_label)s.view_%(model_name)s'],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
Expand Down Expand Up @@ -228,8 +228,16 @@ def has_permission(self, request, view):

queryset = self._queryset(view)
perms = self.get_required_permissions(request.method, queryset.model)
change_perm = self.get_required_permissions('PUT', queryset.model)

user = request.user
if request.method == 'GET':
if user.has_perms(perms) or user.has_perms(change_perm):
return True
else:
return False

return request.user.has_perms(perms)
return user.has_perms(perms)


class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions):
Expand Down

0 comments on commit cf3183d

Please sign in to comment.