Good question!
the answer lies in dispatch
<https://github.com/encode/django-rest-framework/blob/master/rest_framework/views.py#L481-L508>
,
try:
self.initial(request, *args, **kwargs)
# Get the appropriate handler method
if request.method.lower() in self.http_method_names:
handler = getattr(self, request.method.lower(),
self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
which checks permissions and auth
<https://github.com/encode/django-rest-framework/blob/master/rest_framework/views.py#L409-L411>
So, due to this, the permission check occurs before the request method
handler is resolved
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-rest-framework+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-rest-framework/7c15c795-bfcb-4194-95a8-cd384a6563d9%40googlegroups.com.
