Merge pull request #327 from tomchristie/allow-any-permission

Add AllowAny permission

Merge pull request #327 from tomchristie/allow-any-permission
Add AllowAny permission
1b2c2358 · Tom Christie · 1eb56ebd · af96fe05 · 1b2c2358 · 1b2c2358
Commit 1b2c2358 authored Oct 28, 2012 by Tom Christie
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 4 deletions

docs/api-guide/permissions.md
+12 -0

docs/api-guide/settings.md
+5 -1

rest_framework/permissions.py
+11 -0

rest_framework/settings.py
+6 -3

No files found.
--- a/docs/api-guide/permissions.md
+++ b/docs/api-guide/permissions.md
@@ -33,6 +33,12 @@ The default permission policy may be set globally, using the `DEFAULT_PERMISSION
        )
    }
+If not specified, this setting defaults to allowing unrestricted access:
+    'DEFAULT_PERMISSION_CLASSES': (
+       'rest_framework.permissions.AllowAny',
+    )
 You can also set the authentication policy on a per-view basis, using the `APIView` class based views.
    class ExampleView(APIView):
@@ -58,6 +64,12 @@ Or, if you're using the `@api_view` decorator with function based views.
 # API Reference
+## AllowAny
+The `AllowAny` permission class will allow unrestricted access, **regardless of if the request was authenticated or unauthenticated**.
+This permission is not strictly required, since you can achieve the same result by using an empty list or tuple for the permissions setting, but you may find it useful to specify this class because it makes the intention explicit.
 ## IsAuthenticated
 The `IsAuthenticated` permission class will deny permission to any unauthenticated user, and allow permission otherwise.

--- a/docs/api-guide/settings.md
+++ b/docs/api-guide/settings.md
@@ -72,7 +72,11 @@ Default:
 A list or tuple of permission classes, that determines the default set of permissions checked at the start of a view.
-Default: `()`
+Default:
+    (
+        'rest_framework.permissions.AllowAny',
+    )
 ## DEFAULT_THROTTLE_CLASSES

--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -18,6 +18,17 @@ class BasePermission(object):
        raise NotImplementedError(".has_permission() must be overridden.")
+class AllowAny(BasePermission):
+    """
+    Allow any access.
+    This isn't strictly required, since you could use an empty
+    permission_classes list, but it's useful because it makes the intention
+    more explicit.
+    """
+    def has_permission(self, request, view, obj=None):
+        return True
 class IsAuthenticated(BasePermission):
    """
    Allows access only to authenticated users.

--- a/rest_framework/settings.py
+++ b/rest_framework/settings.py
@@ -37,11 +37,14 @@ DEFAULTS = {
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication'
    ),
-    'DEFAULT_PERMISSION_CLASSES': (),
+    'DEFAULT_PERMISSION_CLASSES': (
-    'DEFAULT_THROTTLE_CLASSES': (),
+        'rest_framework.permissions.AllowAny',
+    ),
+    'DEFAULT_THROTTLE_CLASSES': (
+    ),
    'DEFAULT_CONTENT_NEGOTIATION_CLASS':
        'rest_framework.negotiation.DefaultContentNegotiation',
    'DEFAULT_MODEL_SERIALIZER_CLASS':
        'rest_framework.serializers.ModelSerializer',
    'DEFAULT_PAGINATION_SERIALIZER_CLASS':