added docs for TokenHasScope permission class. ref #182

jazzband · Mar 23, 2015 · b6af819 · b6af819
1 parent 628f9e6
commit b6af819
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/docs/rest-framework/permissions.rst b/docs/rest-framework/permissions.rst
@@ -4,15 +4,30 @@ Permissions
 Django OAuth Toolkit provides a few utility classes to use along with other permissions in Django REST Framework,
 so you can easily add scoped-based permission checks to your API views.
 
+More details on how to add custom permissions to your API Endpoints can be found at the official
+`Django REST Framework documentation <http://www.django-rest-framework.org/api-guide/permissions/>`_
 
 
 TokenHasScope
 -------------
 
-TODO: add docs for TokenHasScope permission class with usage examples
+The `TokenHasScope` permission class will allow the access only when the current access token has been
+authorized for all the scopes listed in the `required_scopes` field of the view.
+
+For example:
+
+.. code-block:: python
+
+    class SongView(views.APIView):
+        authentication_classes = [OAuth2Authentication]
+        permission_classes = [TokenHasScope]
+        required_scopes = ['music']
+
+The `required_scopes` attribute is mandatory.
 
 
 TokenHasReadWriteScope
 ----------------------
 
 TODO: add docs for TokenHasReadWriteScope permission class with usage examples
+
diff --git a/oauth2_provider/ext/rest_framework/permissions.py b/oauth2_provider/ext/rest_framework/permissions.py
@@ -59,3 +59,4 @@ def get_scopes(self, request, view):
             read_write_scope = oauth2_settings.WRITE_SCOPE
 
         return required_scopes + [read_write_scope]
+