permissions must return a boolean

markddavidoff · web-flow · commit 6f2c0dbf4d91 · 2018-10-28T14:12:39.000-07:00
`x and y` actually returns object y when both are true. the means P &amp; IsAuthenticated will fail with TypeError: unsupported operand type(s) for &amp;: 'instance' and 'bool' as IsAuthenticated now returns a CallableBool which does not overload __ror__
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
@@ -110,7 +110,7 @@ class IsAuthenticated(BasePermission):
     """
 
     def has_permission(self, request, view):
-        return request.user and request.user.is_authenticated
+        return bool(request.user and request.user.is_authenticated)
 
 
 class IsAdminUser(BasePermission):
@@ -119,7 +119,7 @@ class IsAdminUser(BasePermission):
     """
 
     def has_permission(self, request, view):
-        return request.user and request.user.is_staff
+        return bool(request.user and request.user.is_staff)
 
 
 class IsAuthenticatedOrReadOnly(BasePermission):
@@ -128,7 +128,7 @@ class IsAuthenticatedOrReadOnly(BasePermission):
     """
 
     def has_permission(self, request, view):
-        return (
+        return bool(
             request.method in SAFE_METHODS or
             request.user and
             request.user.is_authenticated
