added guardian as optional requirement, stubbed out object-level permission class

4a9dcfa7 · bwreilly · 551fe920 · 4a9dcfa7 · 4a9dcfa7 · 4a9dcfa7
Commit 4a9dcfa7 authored Sep 06, 2013 by bwreilly
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 1 deletions

docs/index.md
+1 -0

rest_framework/compat.py
+6 -0

rest_framework/permissions.py
+6 -1

rest_framework/tests/test_permissions.py
+1 -0

No files found.
--- a/docs/index.md
+++ b/docs/index.md
@@ -42,6 +42,7 @@ The following packages are optional:
 * [django-filter][django-filter] (0.5.4+) - Filtering support.
 * [django-oauth-plus][django-oauth-plus] (2.0+) and [oauth2][oauth2] (1.5.211+) - OAuth 1.0a support.
 * [django-oauth2-provider][django-oauth2-provider] (0.2.3+) - OAuth 2.0 support.
+* [django-guardian][django-guardian] (1.1.1+) - Object level permissions support.

 **Note**: The `oauth2` Python package is badly misnamed, and actually provides OAuth 1.0a support.  Also note that packages required for both OAuth 1.0a, and OAuth 2.0 are not yet Python 3 compatible.


--- a/rest_framework/compat.py
+++ b/rest_framework/compat.py
@@ -47,6 +47,12 @@ try:
 except ImportError:
    django_filters = None

+# guardian is optional
+try:
+    import guardian
+except ImportError:
+    guardian = None
+

 # cStringIO only if it's available, otherwise StringIO
 try:

--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -7,7 +7,7 @@ import warnings

 SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']

-from rest_framework.compat import oauth2_provider_scope, oauth2_constants
+from rest_framework.compat import oauth2_provider_scope, oauth2_constants, guardian


 class BasePermission(object):
@@ -151,6 +151,11 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions):
    authenticated_users_only = False


+class DjangoObjectLevelModelPermissions(DjangoModelPermissions):
+    def __init__(self):
+        assert guardian, 'Using DjangoObjectLevelModelPermissions, but guardian is not installed'
+
+
 class TokenHasReadWriteScope(BasePermission):
    """
    The request is authenticated as a user and the token used has the right scope

--- a/rest_framework/tests/test_permissions.py
+++ b/rest_framework/tests/test_permissions.py
@@ -4,6 +4,7 @@ from django.db import models
 from django.test import TestCase
 from rest_framework import generics, status, permissions, authentication, HTTP_HEADER_ENCODING
 from rest_framework.test import APIRequestFactory
+from rest_framework.compat import guardian
 import base64

 factory = APIRequestFactory()