Enforce object permissions check when rendering forms in browseable API

tomchristie · tomchristie · commit 4802177766b9 · 2013-05-18T21:19:53.000+01:00
diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py
@@ -349,6 +349,7 @@ def show_form_for_method(self, view, method, request, obj):
 
         try:
             view.check_permissions(request)
+            view.check_object_permissions(request, obj)
         except exceptions.APIException:
             return False  # Doesn't have permissions
         return True
