From 5a284a09b0c703f3caf9a37fa324d04ae4bbd00a Mon Sep 17 00:00:00 2001
From: Oliver Sauder <os@esite.ch>
Date: Sat, 12 Dec 2020 23:29:52 +0400
Subject: [PATCH] Add warning to docs on permission check with related urls

---
 docs/usage.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/usage.md b/docs/usage.md
index 415c492b..0e724713 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -703,6 +703,14 @@ class OrderSerializer(serializers.HyperlinkedModelSerializer):
     }
 ```
 
+<div class="warning">
+    <strong>Note:</strong>
+    Even though with related urls relations are served on different urls there are still served
+    by the same view. This means that the object permission check is performed on the parent object.
+    In other words when the parent object is accessible by the user the related object will be as well.
+</div>
+
+
 ### RelationshipView
 `rest_framework_json_api.views.RelationshipView` is used to build
 relationship views (see the