You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Docs: Clarify model used in DjangoModelPermissions (#8615)
I found it unclear how the model was determined for `DjangoModelPermissions`. The docs say you need a `queryset` or `get_queryset`, but not that the value returned from those is what determines the model that is used.
Copy file name to clipboardExpand all lines: docs/api-guide/permissions.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -171,7 +171,7 @@ This permission is suitable if you want to your API to allow read permissions to
171
171
172
172
## DjangoModelPermissions
173
173
174
-
This permission class ties into Django's standard `django.contrib.auth`[model permissions][contribauth]. This permission must only be applied to views that have a `.queryset` property or `get_queryset()` method. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned.
174
+
This permission class ties into Django's standard `django.contrib.auth`[model permissions][contribauth]. This permission must only be applied to views that have a `.queryset` property or `get_queryset()` method. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned. The appropriate model is determined by checking `get_queryset().model` or `queryset.model`.
175
175
176
176
*`POST` requests require the user to have the `add` permission on the model.
177
177
*`PUT` and `PATCH` requests require the user to have the `change` permission on the model.
0 commit comments