New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added view permission checks on DjangoAuthorization #1658
base: master
Are you sure you want to change the base?
Conversation
In the meantime (temporary solution), you can implement something like this:
This is not backwards compatible (will restrict access to |
Does anything change about TastyPie's authorization docs? Or is this just a compatibility fix that was previously missed? (Specifically, is https://github.com/django-tastypie/django-tastypie/blob/master/docs/authorization.rst still accurate or does it need updating?) |
First look seems to be that those docs need updating as well. This part in particular, but I'll read through the whole thing tomorrow. I'll update the PR with updates. |
Updated DjangoAuthorization descriptions according to Django 4.2 authorization methods.
I updated the docs, everything is up-to-date now. Was thinking, maybe it's an idea to keep the It will require a deprecation flag as well, but it'd be less breaking for existing implementations. But in this state it works too. Let me know what you think. |
DjangoAuthorization
docs are outdated, specifically on theREAD_PERM_CODE
definition. The link pointing to Django 1.9 no longer exists, but the latest link to Django 4.2 references the following:https://docs.djangoproject.com/en/4.2/topics/auth/default/#permissions-and-authorization
This PR allows
GET
calls by users with view permissions, but without change permissions.PATCH/PUT
calls still require change permissions, andGET
calls do still work with change permissions. Should be fully backwards compatible.