From 6d4d048ed52dbdc28e9cc71a2d67484798c47d4a Mon Sep 17 00:00:00 2001
From: ManishShah120
Date: Wed, 2 Jun 2021 17:14:47 +0530
Subject: [PATCH] Updated documentation and simplified code
---
 docs/api-guide/permissions.md | 3 ++-
 rest_framework/permissions.py | 5 +----
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md
index 34cbd0b739..27f7c5adb4 100644
--- a/docs/api-guide/permissions.md
+++ b/docs/api-guide/permissions.md
@@ -173,11 +173,12 @@ This permission is suitable if you want to your API to allow read permissions to
 This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. This permission must only be applied to views that have a `.queryset` property or `get_queryset()` method. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned. The appropriate model is determined by checking `get_queryset().model` or `queryset.model`.
+* `GET` requests require the user to have the `view` or `change` permission on the model
 * `POST` requests require the user to have the `add` permission on the model.
 * `PUT` and `PATCH` requests require the user to have the `change` permission on the model.
 * `DELETE` requests require the user to have the `delete` permission on the model.
-The default behavior can also be overridden to support custom model permissions. For example, you might want to include a `view` model permission for `GET` requests.
+The default behaviour can also be overridden to support custom model permissions.
 To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property. Refer to the source code for details.
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 07c0231c55..8fb4569cb1 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -243,10 +243,7 @@ def has_permission(self, request, view):
 user = request.user
 if request.method == 'GET':
- if user.has_perms(perms) or user.has_perms(change_perm):
- return True
- else:
- return False
+ return user.has_perms(perms) or user.has_perms(change_perm)
 return user.has_perms(perms)
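Review bot: The `or user.has_perms(change_perm)` fallback in the `GET` branch is hard-coded in `has_permission`, so it applies whatever a subclass puts in `perms_map['GET']`; the documentation changed in this same patch tells users to customise access through `.perms_map`, and a subclass that maps `GET` to a stricter custom permission would presumably still admit any user holding the `change` permission. `change_perm` is built above the hunk, so how it is derived cannot be confirmed from here. At minimum the branch should carry a comment such as `# change permission implies read access, independently of perms_map['GET']`, and the documentation's `GET` bullet should state the same. The check also covers only `GET`; if `HEAD` is mapped to the view permission elsewhere in the class, a change-only user would get different answers for `GET` and `HEAD`, which is worth confirming and covering with a test. The body of `has_permission` starts before the hunk.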