Updated documentation and simplified code

encode · Jan 12, 2023 · 6d4d048 · 6d4d048
1 parent ecae64f
commit 6d4d048
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md
@@ -173,11 +173,12 @@ This permission is suitable if you want to your API to allow read permissions to
 
 This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth].  This permission must only be applied to views that have a `.queryset` property or `get_queryset()` method. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned. The appropriate model is determined by checking `get_queryset().model` or `queryset.model`.
 
+* `GET` requests require the user to have the `view` or `change` permission on the model
 * `POST` requests require the user to have the `add` permission on the model.
 * `PUT` and `PATCH` requests require the user to have the `change` permission on the model.
 * `DELETE` requests require the user to have the `delete` permission on the model.
 
-The default behavior can also be overridden to support custom model permissions.  For example, you might want to include a `view` model permission for `GET` requests.
+The default behaviour can also be overridden to support custom model permissions.
 
 To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property.  Refer to the source code for details.
 

diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
@@ -243,10 +243,7 @@ def has_permission(self, request, view):
 
         user = request.user
         if request.method == 'GET':
-            if user.has_perms(perms) or user.has_perms(change_perm):
-                return True
-            else:
-                return False
+            return user.has_perms(perms) or user.has_perms(change_perm)
 
         return user.has_perms(perms)