better doc for object permissions, drop redundant has_permission call

bwreilly · bwreilly · commit 23fc9dd53fcd · 2013-09-09T09:32:29.000-07:00
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
@@ -154,7 +154,14 @@ class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions):
 
 class DjangoObjectLevelModelPermissions(DjangoModelPermissions):
     """
-    Basic object level permissions utilizing django-guardian.
+    The request is authenticated using `django.contrib.auth` permissions.
+    See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions
+
+    It ensures that the user is authenticated, and has the appropriate
+    `add`/`change`/`delete` permissions on the object using .has_perms.
+
+    This permission can only be applied against view classes that
+    provide a `.model` or `.queryset` attribute.
     """
 
     actions_map = {
@@ -173,12 +180,6 @@ def get_required_object_permissions(self, method, model_cls):
         }
         return [perm % kwargs for perm in self.actions_map[method]]
 
-    def has_permission(self, request, view):
-        if getattr(view, 'action', None) == 'list':
-            queryset = view.get_queryset()
-            view.queryset = ObjectPermissionReaderFilter().filter_queryset(request, queryset, view)
-        return super(DjangoObjectLevelModelPermissions, self).has_permission(request, view)
-
     def has_object_permission(self, request, view, obj):
         model_cls = getattr(view, 'model', None)
         queryset = getattr(view, 'queryset', None)
