Description
Checklist
- I have verified that that issue exists against the
masterbranch of Django REST framework. - I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
- This is not a usage question. (Those should be directed to the discussion group instead.)
- This cannot be dealt with as a third party library. (We prefer new functionality to be in the form of third party libraries where possible.)
- I have reduced the issue to the simplest possible case.
- I have included a failing test as a pull request. (If you are unable to do so we can still accept the issue.)
Documentation Issue
The DjangoModelPermissions permissions class docs are out of date: website | repo
Specifically the subsection about views without a queryset attribute:
If you're using this permission with a view that uses an overridden get_queryset() method there may not be a queryset attribute on the view. In this case we suggest also marking the view with a sentinel queryset, so that this class can determine the required permissions.
Unless I'm misunderstanding, as of 3.1.2 this is no longer the case, as DjangoModelPermissions will check the get_queryset() method to determine the permissions. In fact, get_queryset() takes priority, meaning sentinel querysets will be ignored, so if they use a different model for queryset than get_queryset() method, that could lead developers to mistakenly believe that their view is protected by a certain model permission when it isn't.
I think that subsection can just be deleted. Additionally, one sentence at the top should be rephrased:
This permission must only be applied to views that have a
.querysetproperty set.
should become something like:
This permission must only be applied to views that have a
.querysetproperty orget_queryset()method.
Relevant PR that changed DjangoModelPermissions
DjangoModelPermissions in current master branch