Topic/1112 (#1113)

daffyd · web-flow · commit c48b7516fe6a · 2022-02-23T15:52:28.000-05:00
diff --git a/AUTHORS b/AUTHORS
@@ -70,3 +70,4 @@ Vinay Karanam
 Eduardo Oliveira
 Andrea Greco
 Dominik George
+David Hill
diff --git a/docs/tutorial/tutorial_03.rst b/docs/tutorial/tutorial_03.rst
@@ -78,3 +78,35 @@ Now supposing your access token value is `123456` you can try to access your aut
 ::
 
     curl -H "Authorization: Bearer 123456" -X GET http://localhost:8000/secret
+
+Working with Rest_framework generic class based views
+-----------------------------------------------------
+
+If you have completed the `Django REST framework tutorial
+<https://www.django-rest-framework.org/tutorial/3-class-based-views/#using-generic-class-based-views>`_,
+you will be familiar with the 'Snippet' example, in particular the SnippetList and SnippetDetail classes.
+
+It would be nice to reuse those views **and** support token handling. Instead of reworking
+those classes to be ProtectedResourceView based, the solution is much simpler than that.
+
+Assume you have already modified the settings as was already shown.
+The key is setting a class attribute to override the default *permissions_classes* with something that will use our :term:`Access Token` properly.
+
+.. code-block:: python
+
+    from oauth2_provider.contrib.rest_framework import TokenHasReadWriteScope
+
+    class SnippetList(generics.ListCreateAPIView):
+        ...
+        permission_classes = [TokenHasReadWriteScope]
+
+    class SnippetDetail(generics.ListCreateAPIView):
+        ...
+        permission_classes = [TokenHasReadWriteScope]
+
+Note that this example overrides the Django default permission class setting. There are several other
+ways this can be solved. Overriding the class function *get_permission_classes* is another way
+to solve the problem.
+
+A detailed dive into the `Dango REST framework permissions is here. <https://www.django-rest-framework.org/api-guide/permissions/>`_
+
