Merge pull request #2818 from maryokhin/master

tomchristie · tomchristie · commit ecb37f518e7e · 2015-04-17T16:15:27.000+01:00
Don't check for deprecated '.model' attribute in permissions
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
@@ -77,7 +77,7 @@ class DjangoModelPermissions(BasePermission):
     `add`/`change`/`delete` permissions on the model.
 
     This permission can only be applied against view classes that
-    provide a `.model` or `.queryset` attribute.
+    provide a `.queryset` attribute.
     """
 
     # Map methods into required permission codes.
@@ -107,24 +107,19 @@ def get_required_permissions(self, method, model_cls):
         return [perm % kwargs for perm in self.perms_map[method]]
 
     def has_permission(self, request, view):
-        # Note that `.model` attribute on views is deprecated, although we
-        # enforce the deprecation on the view `get_serializer_class()` and
-        # `get_queryset()` methods, rather than here.
-        model_cls = getattr(view, 'model', None)
         queryset = getattr(view, 'queryset', None)
 
-        if model_cls is None and queryset is not None:
-            model_cls = queryset.model
-
         # Workaround to ensure DjangoModelPermissions are not applied
         # to the root view when using DefaultRouter.
-        if model_cls is None and getattr(view, '_ignore_model_permissions', False):
+        if queryset is None and getattr(view, '_ignore_model_permissions', False):
             return True
 
-        assert model_cls, ('Cannot apply DjangoModelPermissions on a view that'
-                           ' does not have `.model` or `.queryset` property.')
+        assert queryset, (
+            'Cannot apply DjangoModelPermissions on a view that '
+            'does not have `.queryset` property.'
+        )
 
-        perms = self.get_required_permissions(request.method, model_cls)
+        perms = self.get_required_permissions(request.method, queryset.model)
 
         return (
             request.user and
@@ -150,7 +145,7 @@ class DjangoObjectPermissions(DjangoModelPermissions):
     `add`/`change`/`delete` permissions on the object using .has_perms.
 
     This permission can only be applied against view classes that
-    provide a `.model` or `.queryset` attribute.
+    provide a `.queryset` attribute.
     """
 
     perms_map = {
@@ -171,14 +166,10 @@ def get_required_object_permissions(self, method, model_cls):
         return [perm % kwargs for perm in self.perms_map[method]]
 
     def has_object_permission(self, request, view, obj):
-        model_cls = getattr(view, 'model', None)
-        queryset = getattr(view, 'queryset', None)
-
-        if model_cls is None and queryset is not None:
-            model_cls = queryset.model
+        model_cls = view.queryset.model
+        user = request.user
 
         perms = self.get_required_object_permissions(request.method, model_cls)
-        user = request.user
 
         if not user.has_perms(perms, obj):
             # If the user does not have permissions we need to determine if
